PDF問題(2025年最新)実際のOracle 1z0-1084-24試験問題 [Q45-Q66]

Share

PDF問題(2025年最新)実際のOracle 1z0-1084-24試験問題

問題集返金保証付きの1z0-1084-24問題集には90%オフされます


Oracle 1z0-1084-24 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Cloud Native Fundamentals: This section tests the ability of cloud developers and architects to understand the core principles of cloud native development. Candidates are expected to explain the fundamentals of cloud native and discuss the key pillars that support cloud native approaches.
トピック 2
  • Cloud Native Applications and Containerization: Candidates must demonstrate their knowledge of Docker, including its architecture and components, to effectively manage containerized applications. This includes using Oracle Cloud Infrastructure Registry (OCIR) to pull and push container images.
トピック 3
  • Leveraging Serverless Technologies for Cloud Native Development: This part of the exam evaluates the ability to develop serverless applications using Oracle Functions. Candidates should be able to create API gateways to manage traffic from API clients and route it to back-end services, as well as establish integrations between systems using the OCI streaming service.
トピック 4
  • Testing and Securing Cloud Native Applications: Cloud engineers and developers are tested on their ability to analyze and evaluate cloud native testing methodologies, developing effective strategies for testing applications in a cloud-native environment.
トピック 5
  • Monitoring & Troubleshooting Cloud Native Applications: This section assesses candidates' skills in monitoring and troubleshooting cloud native applications. They must utilize the OCI Monitoring service to view metrics and the OCI Logging service to manage and search logs effectively.

 

質問 # 45
You are using Oracle Cloud Infrastructure (OCI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code?

  • A. Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the notification topic for the corresponding action.
  • B. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action.
  • C. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select "Action Type: Email" and provide the destination email address.
  • D. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action.

正解:A

解説:
The correct approach to receive an email each time a Terraform action begins in Oracle Cloud Infrastructure (OCI) Resource Manager without writing any code is as follows: Create an OCI Notification topic and email subscription with the destination email address. This will define the email delivery configuration. Create an OCI Events rule that matches the "Resource Manager Job - Create" condition. This rule will be triggered when a Resource Manager job is created. In the OCI Events rule, select the notification topic that was created in step 1 as the action for the corresponding event. This will ensure that the notification is sent to the specified email address. By following these steps, you can configure the OCI Events service to send an email notification whenever a Resource Manager job is created in OCI Resource Manager.


質問 # 46
Which of the following is NOT a criterion that is usually met by a microservice?

  • A. Independently deployable
  • B. Highly maintainable
  • C. Tightly coupled
  • D. Organized around business capabilities.

正解:C

解説:
The correct answer is: "Tightly coupled." Tightly coupling is not a criterion that is usually met by a microservice. In fact, microservices are designed to be loosely coupled. Loosely coupling refers to reducing dependencies and minimizing the direct interactions between different components or services. Microservices promote independence and autonomy, allowing each service to operate independently without being tightly bound to other services. The other options listed are criteria that are typically met by microservices:
Organized around business capabilities: Microservices architecture suggests designing services around specific business capabilities or functionalities. This allows for focused and specialized services that align with the organization's business needs. Independently deployable: Microservices are designed to be independently deployable units. Each microservice can be developed, tested, and deployed separately, without impacting other services. This enables agility and scalability in the deployment process. Highly maintainable:
Microservices are often designed to be highly maintainable. They are smaller in scope and focused on specific tasks, making it easier to manage and maintain individual services. Additionally, microservices can be updated, patched, or replaced without affecting the entire system, facilitating easier maintenance and evolution of the application. Therefore, the criterion that is NOT typically met by a microservice is being tightly coupled.


質問 # 47
Which is ONE of the differences between a microservice and a serverless function?

  • A. Microservices always use a data store while serverless functions never use a data store.
  • B. Microservices are used for long running operations while serverless functions are used for short running operations.
  • C. Microservices are triggered by events while serverless functions are not.
  • D. Microservices are stateless while serverless functions are stateful.

正解:B

解説:
The correct answer is: Microservices are used for long running operations while serverless functions are used for short running operations. One of the key differences between microservices and serverless functions is the duration of their execution. Microservices are typically designed to handle long-running operations and may continuously run and process requests as part of a larger system. They are often deployed and managed as long-lived services. On the other hand, serverless functions are designed to handle short-lived operations or tasks that execute in response to specific events or triggers. They are event-driven and execute only when invoked, providing a lightweight and ephemeral computing model. Serverless functions are often used for executing small, isolated pieces of code without the need for managing infrastructure or scaling concerns.
While both microservices and serverless functions can be stateless or stateful depending on the specific implementation, the key distinction lies in the typical duration and execution pattern of these components within an application architecture.


質問 # 48
You are building a cloud native serverless travel application with multiple Oracle Functions in Java, Python, and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command will help you complete this task successfully?

  • A. fn function deploy app travel-app--all
  • B. fn app --app travel-app deploy --ext java pyljs
  • C. fn deploy--app travel-app --all
  • D. fn app deploy --app travel-app --all

正解:C

解説:
The correct answer is: fn deploy --app travel-app --all Explanation: To build and deploy multiple Oracle Functions as part of a single application named "travel-app," you can use the fn deploy command with the appropriate options. The command fn deploy --app travel-app --all is the correct syntax. Here's what each part of the command does: fn deploy: This command is used to deploy functions and applications in Oracle Functions. --app travel-app: This option specifies the application name as "travel-app," indicating that you want to deploy functions to this application. --all: This option indicates that you want to deploy all the functions within the application. By using fn deploy --app travel-app --all, you can build and deploy all the functions in your travel application across different programming languages (Java, Python, and Node.js) to the "travel-app" application in Oracle Functions.


質問 # 49
How are cloud native application versions deployed to an OKE cluster when using a blue/green deployment strategy?

  • A. New application versions are deployed in minor increments to a select group of people.
  • B. Both old and new application versions are deployed to production at the same time.
  • C. Current applications are slowly replaced with new application versions.

正解:B

解説:
Blue/Green deployment strategy allows releasing a new version of an application using two identical environments where one of them is active at a given time. The current version of the application is provisioned on the active environment, whereas the new version gets deployed to the standby environment1. The traffic is shifted from the active to the standby environment by updating the ingress resource2. Therefore, both old and new application versions are deployed to production at the same time, but only one of them receives the traffic. Verified References: Announcing new deployment strategies for OCI DevOps Service, Blue-Green OKE Deployment


質問 # 50
Which TWO statements accurately describe an Oracle Functions application? (Choose two.)

  • A. A Docker image containing all the functions that share the same configuration.
  • B. A small block of code invoked in response to an OCI Events service.
    A logical group of functions.
  • C. A common context to store configuration variables that are available to all functions in the application.
    A Docker image containing all the functions that share the same configuration.
  • D. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events, and OCI API Gateway services.

正解:B、C

解説:
The correct statements are: A common context to store configuration variables that are available to all functions in the application. A Docker image containing all the functions that share the same configuration. A logical group of functions. Explanation: An Oracle Functions application provides a common context for functions within the application. It allows you to store configuration variables that are accessible by all the functions in the application. Functions within the same application can share the same Docker image, which contains the common configuration and dependencies. An Oracle Functions application serves as a logical group that organizes related functions. Functions within the same application can be managed collectively, and they can interact and share resources within the application context.


質問 # 51
Which of the following TWO statements are TRUE about deleting a Kubernetes cluster? (Choose two.)

  • A. Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNS, Internet Gateways, NAT Gateways, Route Tables, Security Lists, B. Load Balancers, and Block Volumes) are deleted automatically.
  • B. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNS. Internet Gateways, NAT Gateways, Route Tables, Security Lists. Load Balancers, and Block Volumes) are deleted automatically.
  • C. You cannot change the autogenerated names of the worker nodes in the format oke-c<part-of cluster- CCID>-<part-of-node-pool-OCID>-<part-of-subnet-OCID>-<slot> within a Kubernetes cluster.
  • D. If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted.
  • E. Changing the auto-generated name of a worker node does not affect the deletion of the worker node when the cluster in which it is created is deleted.

正解:B、D

解説:
The correct statements about deleting a Kubernetes cluster are: If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted. Changing the name of a worker node does not affect its deletion when the cluster is deleted. The cluster deletion process does not consider the renamed worker nodes and will delete all worker nodes associated with the cluster. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateways, NAT Gateways, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically. These additional resources are not automatically deleted when the cluster is deleted. You need to manage the deletion of these resources separately, if desired. Therefore, the correct statements are that the renamed worker nodes are not deleted when the cluster is deleted, and other associated resources are not automatically deleted when the cluster is deleted.


質問 # 52
A Docker image consists of one or more layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. What permission is associated with these layers?

  • A. read only
  • B. write once
  • C. read mostly
  • D. write only
  • E. movable

正解:A

解説:
The correct answer is: "read only." The layers of a Docker image are read-only. Once a layer is created, it cannot be modified. Each layer represents a Dockerfile instruction, and it is stacked on top of the previous layer, forming a stack of immutable layers. These layers are designed to be read-only to ensure consistency and integrity of the image. When a Docker image is built, each instruction in the Dockerfile creates a new layer. Each layer represents the changes made by that instruction relative to the previous layer. The layers are stacked on top of each other to form the complete image. This layer-based approach allows for efficient storage and distribution of Docker images. Because the layers are read-only, any changes or modifications to the image result in the creation of new layers rather than modifying the existing ones. This immutability ensures that each layer remains intact and preserves the integrity of the image. It also enables Docker's caching mechanism, where previously built layers can be reused if the corresponding instructions haven't changed, speeding up the image build process. The other options mentioned, such as "write only," "write once," "movable," and "read mostly," do not accurately describe the permission associated with Docker image layers. Docker image layers are specifically designed to be read-only.


質問 # 53
You deployed a Python application to an Oracle Container Engine for Kubernetes (OKE) cluster. However, while testing you found a bug, which you rectified and then created a new Docker image. You now need to ensure that if this new image does not work once deployed, you should be able to roll back to the previous version. Using kubect1, which strategy should you use?

  • A. A/B Testing
  • B. Canary Deployment
  • C. Blue/Green Deployment
  • D. Rolling Update

正解:D

解説:
A rolling update is a deployment strategy that gradually replaces the old version of an application with the new version without any downtime4. OKE supports rolling updates by using the kubectl rollout command4. A rolling update allows you to roll back to the previous version if something goes wrong with the new version4.
Therefore, using a rolling update strategy with kubectl ensures that you can roll back to the previous version of your Python application if the new image does not work once deployed. Verified References: Deploy Oracle Container Engine for Kubernetes


質問 # 54
What can you use to dynamically make Kubernetes resources discoverable to public DNS servers? (Choose the best answer.)

  • A. CoreDNS
  • B. kubeDNS
  • C. ExternalDNS
  • D. DynDNS

正解:C

解説:
To dynamically make Kubernetes resources discoverable to public DNS servers, you can use ExternalDNS.
ExternalDNS is a Kubernetes add-on that automates the management of DNS records for your Kubernetes services and ingresses. It can be configured to monitor the changes in your Kubernetes resources and automatically update DNS records in a supported DNS provider. By integrating ExternalDNS with your Kubernetes cluster, you can ensure that the DNS records for your services and ingresses are automatically created, updated, or deleted based on changes in your Kubernetes resources. This allows your Kubernetes resources to be discoverable by external systems through public DNS servers.


質問 # 55
As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which of the following should you leverage to meet this requirement? (Choose the best answer.)

  • A. OCI Container Engine for Kubernetes
  • B. Oracle Functions
  • C. Open Service Broker API
  • D. OCI Service Broker for Kubernetes

正解:D

解説:
To provision storage buckets as part of your Kubernetes deployment process for an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage, you should leverage the OCI Service Broker for Kubernetes. OCI Service Broker for Kubernetes enables you to provision and manage OCI resources, including Object Storage buckets, directly from Kubernetes. It provides a Kubernetes-native experience for managing OCI services, allowing you to define and manage OCI resources as part of your application deployment process. By using the OCI Service Broker for Kubernetes, you can define the required Object Storage buckets in your Kubernetes manifests, and the service broker will handle the provisioning and management of those buckets in OCI, ensuring that they are available for your application wherever it is running.


質問 # 56
You have been asked to update an OKE cluster to a network configuration that has the least attack surface while the deployed applications are still directly available for access from the Internet. Which is a valid OKE cluster network configuration that meets this requirement? (Choose the best answer.)

  • A. Private subnets for nodes, the Kubemetes API endpoint, and load balancers
  • B. Private subnets for nodes; public subnets for the Kubemetes API endpoint and load balancers
  • C. Private subnet for the Kubemetes API endpoint; public subnets for nodes and load balancers
  • D. Private subnets for nodes and the Kubemetes API endpoint; public subnets for load balancers

正解:D

解説:
The valid OKE cluster network configuration that meets the requirement of having the least attack surface while still allowing direct access to the deployed applications from the Internet is: Private subnets for nodes and the Kubernetes API endpoint; public subnets for load balancers. By placing the nodes and the Kubernetes API endpoint in private subnets, they are not directly accessible from the Internet, reducing the attack surface.
The load balancers, on the other hand, are placed in public subnets, allowing them to be accessed from the Internet and serve as the entry point for accessing the deployed applications. This configuration ensures that the critical components of the cluster, such as the nodes and the API endpoint, are protected within the private network, while still providing accessibility to the applications through the load balancers. It helps to enhance security by limiting direct access to the internal components of the cluster while maintaining the availability of the deployed applications.


質問 # 57
Which TWO statements are true for serverless computing and serverless architectures? (Choose two.)

  • A. Applications running on a FaaS (Functions as a Service) platform.
  • B. Serverless function execution is fully managed by third party.
  • C. Long running tasks are perfectly suited for serverless.
  • D. Application DevOps team is responsible for scaling.
  • E. Serverless function state should never be stored externally.

正解:A、B

解説:
The two true statements for serverless computing and serverless architectures are: Applications running on a FaaS (Functions as a Service) platform: Serverless architectures typically involve running code in the form of functions on a serverless platform. These functions are event-driven and executed in response to specific triggers or events. Serverless function execution is fully managed by a third party: In serverless computing, the cloud provider takes care of the infrastructure management and resource provisioning. The execution of serverless functions is handled automatically by the platform, relieving developers from the responsibility of managing servers or infrastructure. It's important to note that long running tasks are not typically suited for serverless architectures due to the event-driven nature of serverless functions. Also, while serverless functions may have state, it is recommended to avoid external storage dependencies and instead leverage stateless functions whenever possible. Additionally, scaling in serverless architectures is typically handled automatically by the platform, rather than being the responsibility of the application DevOps team.


質問 # 58
Oracle Functions monitors all deployed functions and collects and reports various metrics. Which is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console?

  • A. The number of requests to invoke a function that failed with an error response.
  • B. The number of requests to invoke a function that failed due to throttling.
  • C. The length of time a function runs for.
  • D. The number of retries made by the function before failing due to an error.

正解:D

解説:
The option that is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console is: "The number of retries made by the function before failing due to an error." When viewing the Application metrics in the OCI Console for Oracle Functions, you can typically see metrics related to the performance and usage of your functions. These metrics provide insights into how your functions are performing and being utilized. The following metrics are usually available: The number of requests to invoke a function that failed due to throttling: This metric indicates the number of requests that were not processed by the function due to reaching the configured concurrency limit or throttling settings. The length of time a function runs for: This metric represents the duration of each function invocation, measuring the time it takes for the function to complete its execution. The number of requests to invoke a function that failed with an error response: This metric counts the number of requests that encountered an error during the function invocation, resulting in a failed response. However, the number of retries made by the function before failing due to an error is not typically available as part of the Application metrics in the OCI Console. The retries made by the function are usually handled at the invoker level, and the specific details of retries may not be captured as part of the application-level metrics. It's important to note that the availability of metrics and their specific details may vary depending on the version and configuration of Oracle Functions and the monitoring setup. It is recommended to refer to the Oracle Functions documentation and consult the official documentation for accurate and up-to-date information on available metrics.


質問 # 59
Your organization has deployed their e-commerce application on Oracle Container Engine for Kubernetes (OKE) and they are using the Oracle Cloud Infrastructure Registry (OCIR) service as their Docker image repository. They have deployed the OKE cluster using the 'custom create' option, and their Virtual Cloud Network (VCN) has three public subnets with associated Route Tables, Security Lists, and Internet Gateway.
However, their application containers are failing to deploy. On investigation, they discover that the images are not being pulled from the designated OCIR repository, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated?

  • A. Security List rule for TCP port 22 needs to be added to connect to the OCIR service.
  • B. OKE cluster needs to have a secret with the credentials of their OCIR repository and use that secret in the Kubernetes deployment manifest.
  • C. VCN hosting the OKE cluster worker nodes needs to have a NAT gateway to access OCIR repositories.
  • D. Identity and Access Management (IAM) credentials need to be added for each user that deploys applications to the OKE cluster.

正解:B

解説:
A valid concern that needs to be further investigated in this scenario is whether the OKE cluster has a secret with the credentials of the Oracle Cloud Infrastructure Registry (OCIR) repository and if that secret is being used in the Kubernetes deployment manifest. Here's why this concern is relevant: Access to the OCIR repository: In order for the OKE cluster to pull images from the OCIR repository, it needs proper authentication credentials. These credentials are typically provided in the form of a secret, which contains the necessary information to authenticate with the registry. Secret in the deployment manifest: The Kubernetes deployment manifest defines how the application containers should be deployed. It includes specifications such as the container image, resource requirements, and environment variables. To pull images from a private repository like OCIR, the deployment manifest needs to reference the appropriate secret that contains the registry credentials. If the images are not being pulled from the designated OCIR repository, it suggests that either the secret with the OCIR credentials is missing or it is not properly referenced in the deployment manifest. Further investigation should focus on verifying the presence and correctness of the secret, as well as confirming that it is correctly referenced in the deployment manifest for the application containers. By ensuring the presence of the secret and proper configuration in the deployment manifest, the OKE cluster will have the necessary credentials to access the OCIR repository and successfully deploy the application containers.


質問 # 60
When developing microservices, each one can be developed in the language of choice. Which term describes this type of development? (Choose the best answer.)

  • A. Polyglot
  • B. DevOps
  • C. Agile
  • D. Distributed

正解:D

解説:
The term that describes developing microservices in different languages of choice is "Polyglot." In a polyglot architecture, each microservice is developed using the most appropriate programming language or technology stack for its specific requirements. This approach allows developers to leverage the strengths of different languages and frameworks, enabling them to use the most suitable tool for each microservice while still maintaining interoperability between services.


質問 # 61
Which of the following step is NOT required for setting up the Container Engine for Kubernetes (OKE) cluster access using a local installation of kubectl?

  • A. Generate an API signing key pair (if you do not already have one) and upload the public key of the API signing key pair.
  • B. Install and configure the Oracle Cloud Infrastructure (OCI) CLI.
  • C. Generate Auth token from the OCI console to access the OKE cluster using kubectl.
  • D. Set up the kubeconfig file.

正解:C

解説:
The step that is NOT required for setting up the Container Engine for Kubernetes (OKE) cluster access using a local installation of kubectl is to generate an Auth token from the OCI console. The authentication for accessing the OKE cluster using kubectl can be performed using the OCI CLI configuration, specifically the API signing key pair and the kubeconfig file. Here are the correct steps for setting up the OKE cluster access using a local installation of kubectl: Set up the kubeconfig file: The kubeconfig file contains the necessary information to authenticate and access the OKE cluster using kubectl. It includes details such as the cluster endpoint, authentication method, and credentials. Generate an API signing key pair (if you do not already have one) and upload the public key of the API signing key pair: The API signing key pair is used for authentication with the OCI services. The public key of the key pair needs to be uploaded to the OCI Console to associate it with your user account. Install and configure the Oracle Cloud Infrastructure (OCI) CLI: The OCI CLI provides a command-line interface to interact with the OCI services. It needs to be installed and configured with your OCI credentials, including the user's OCID, tenancy OCID, region, and the path to the API signing key pair. By completing these steps, you can configure kubectl to access and manage your OKE clusters from your local machine using the OCI CLI authentication configuration.


質問 # 62
You have created a repository in Oracle Cloud Infrastructure Registry (OCIR) in the us-ashburn-1 (iad) region in your tenancy with the heyoci namespace. Which three are valid tags for an image named myapp? (Choose three.)

  • A. iad.ocir.io/heyoci/myproject/myapp:0.0.1
  • B. us-ashburn-1.ocir.io/myproject/heyoci/myapp:latest
  • C. us-ashburn-1.ocir.io/heyoci/myapp:0.0.2-beta
  • D. us-ashburn-1.ocir.io/heyoci/myproject/myapp:0.0.2-beta
  • E. iad.ocir.io/heyoci/myapp:0.0.2-beta
  • F. iad.ccir.io/heyoci/myapp:latest

正解:A、D、F

解説:
(OPT) iad.ocir.io/myproject/heyoci/myapp:latest The three valid tags for an image named myapp in the heyoci namespace of the Oracle Cloud Infrastructure Registry (OCIR) in the us-ashburn-1 (iad) region are:
iad.ccir.io/heyoci/myapp:latest This tag specifies the latest version of the myapp image in the heyoci namespace in the iad region. iad.ocir.io/heyoci/myapp:0.0.2-beta This tag specifies version 0.0.2-beta of the myapp image in the heyoci namespace in the iad region. us-ashburn-1.ocir.io/heyoci/myapp:0.0.2-beta This tag specifies version 0.0.2-beta of the myapp image in the heyoci namespace in the us-ashburn-1 region. The other options mentioned are not valid tags for the given scenario: us-ashburn-1.ocir.io/heyoci/myapp:0.0.2- beta (incorrect format, missing the namespace) iad.ocir.io/myproject/heyoci/myapp:latest (incorrect format, incorrect order of namespace and project) us-ashburn-1.ocir.io/myproject/heyoci/myapp:latest (incorrect format, incorrect order of namespace and project) The correct format for tagging an image in OCIR is
<region>.ocir.io/<namespace>/<repository>:<tag>.


質問 # 63
Which TWO are required to access the Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster from the kubectl CLI? (Choose two.)

  • A. An SSH key pair with the public key added to the cluster worker nodes.
  • B. Tiller enabled on the OKE cluster.
  • C. OCI Identity and Access Management (IAM) Auth Token.
  • D. Install and configure the OCI CLI.
  • E. A configured OCI API signing key pair.

正解:D、E

解説:
The correct options are: A configured OCI API signing key pair: The API signing key pair is used for authentication and authorization to access OCI resources, including the OKE cluster. The private key should be configured on your local machine to authenticate API requests. An SSH key pair with the public key added to the cluster worker nodes: This is required for secure SSH access to the worker nodes in the OKE cluster.
You need to generate an SSH key pair and add the public key to the cluster's worker node pool during cluster creation or update. Therefore, the correct options are having a configured OCI API signing key pair and an SSH key pair with the public key added to the cluster worker nodes.


質問 # 64
Your organization is developing serverless applications with Oracle Functions. Many functions will need to store state data in a database, which will require using appropriate credentials. However, your corporate security standards mandate encryption of secret information, such as database passwords. How would you address this security requirement?

  • A. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
  • B. Use OCI Console to enter the password in the function configuration section in the provided input field.
  • C. Encrypt the password using the OCI Vault service and then decrypt this password in your function code with the generated key.
  • D. Use the OCI Vault service to auto-encrypt the password and then set an application-level configuration variable to reference the auto-decrypted password inside your function container.

正解:C

解説:
The best way to store and use secret information, such as database passwords, in Oracle Functions is to use the OCI Vault service. The OCI Vault service provides encryption and decryption capabilities for sensitive data. You can use the OCI Vault service to encrypt the password and store it as an application-level configuration variable. Then, you can use the generated key to decrypt the password in your function code when you need to access the database. Verified References: Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables


質問 # 65
(CHK_4>2) You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?

  • A. A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version.
  • B. New secret versions automatically expire in 90 days unless you configure an expiry rule.
  • C. You can manually create new secrets as well as new secret versions using the OCI Console:
  • D. A secret reuse rule prevents the use of secret contents across different versions of a secret.

正解:A

解説:
The correct answer is: "A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version." The statement that is NOT valid about managing secrets in the OCI Vault service is: "A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version." In OCI Vault, a secret is identified by its OCID (Oracle Cloud Identifier), which is a unique identifier for each resource in Oracle Cloud Infrastructure. However, when a new secret version is created for an existing secret, the OCID remains the same for the secret itself, but a new OCID is generated for the secret version. This allows you to track and manage different versions of a secret while maintaining a consistent OCID for the secret itself. The other statements mentioned are valid: You can manually create new secrets as well as new secret versions using the OCI Console. This means you have control over creating and managing secrets within the Vault service. A secret reuse rule prevents the use of secret contents across different versions of a secret. This ensures that each secret version maintains its own unique set of contents and avoids accidental reuse or sharing of secrets across versions. By default, new secret versions automatically expire in 90 days unless you configure an expiry rule. This helps enforce good security practices by automatically rotating secrets periodically, reducing the risk of unauthorized access in case of compromise. Therefore, the statement that is NOT valid is the one regarding the uniqueness and consistency of the OCID when creating new secret versions.


質問 # 66
......

更新された2025年04月合格させる1z0-1084-24試験リアル練習テスト問題:https://jp.fast2test.com/1z0-1084-24-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어