OCI Developer Flashcards by José Francisco González Vargas

Which messaging model is supported by the OCI Streaming service for any use case in which data is produced and processed continually and sequentially?

Pub-sub

How well did you know this?

Not at all

Perfectly

You are a Cloud Native developer managing multiple microservices deployed on two different Container Engine for Kubernetes (OKE) clusters within the same Virtual Cloud Network (VCN). Your security teams need to monitor and analyze the network traffic between these microservices to ensure compliance and detect anomalies.

What is the most effective way to achieve this?

Use the OCI Logging service and VCN flow logs.

How well did you know this?

Not at all

Perfectly

Your organization has built a web-based application that has a private REST API endpoint. You have been asked to abstract and expose the endpoint using an appropriate service on Oracle Cloud Infrastructure (OCI).

What will you use to do this?

OCI API Gateway.

How well did you know this?

Not at all

Perfectly

Assume that your function does NOT have the –provisioned-concurrency option enabled.

Which parameter would you use to configure the time period during which an idle function will remain in memory before Oracle Functions removes its container image from memory?

The time period is not configurable.

How well did you know this?

Not at all

Perfectly

You are a Cloud Solutions Architect tasked with securing access to an API deployed on Oracle Cloud Infrastructure (OCI) API Gateway for your company’s internal services. Authentication is a critical aspect of this deployment to ensure that only authorized users and applications can access the API.

Which two are valid authentication methods for accessing an OCI API Gateway endpoint?

JSON Web Token (JWT)
Oauth

How well did you know this?

Not at all

Perfectly

Which two statements are valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service?

OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days.
A stream can be configured with either a public or private endpoint with support for customer-managed encryption keys.

How well did you know this?

Not at all

Perfectly

What is the purpose of message locking in OCI Queue service queues?

To prevent a message that was delivered to a consumer from being processed by any other consumer.

How well did you know this?

Not at all

Perfectly

You’re utilizing Oracle Cloud Infrastructure (OCI) Resource Manager to manage the life cycle of your infrastructure. You desire to be notified via email every time a Terraform action is initiated.

How can you accomplish this using the OCI Events service without the need for coding?

Create an OCI Notification topic with an email subscription, providing the email address for notification. Subsequentially, configure an OCI Events rule matching the condition “Resource Manager Job - Create”, and opt for the notification topic for the corresponding action.

How well did you know this?

Not at all

Perfectly

Which is necessary to access an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster using the kubectl CLI?

A configured OCI API signing key pair.

How well did you know this?

Not at all

Perfectly

What is the maximum memory threshold for a function deployed to an Oracle Functions application?

3072 MB

How well did you know this?

Not at all

Perfectly

Which statement is VALID regarding modifying Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster properties?

You can change the number of worker nodes in a node pool along with the availability domains and subnets in which to place them.

How well did you know this?

Not at all

Perfectly

OCI Functions monitors all deployed functions and collects and reports various metrics.

Which is NOT available when viewing the Application metrics in the OCI Console?

Amount of CPU used by a function.
Amount of RAM used by a function.

How well did you know this?

Not at all

Perfectly

Which OCI service does NOT have resources available as action target to receive an event from the Events service?

Queue

How well did you know this?

Not at all

Perfectly

Which is required before you can push and pull Docker images to and from Oracle Cloud Infrastructure Registry using the Docker CLI?

Auth token

How well did you know this?

Not at all

Perfectly

You have two microservices, A and B, deployed in production. Service A depends on APIs provided by service B. Now, you’re planning to introduce changes to service A but without the need to deploy all of its dependencies, which include service B.

What would be the recommended approach for testing service A under these circumstances?

Use API mocks for testing purposes.

How well did you know this?

Not at all

Perfectly

You are configuring an Oracle Cloud Infrastructure (OCI) API Gateway to handle requests for your microservices architecture. You need to set up various backend integrations to route incoming requests to appropriate services.

Which two are valid backend type options that you can choose when configuring your API Gateway Deployment?

ORACLE_FUNCTIONS_BACKEND
HTTP_BACKEND

How well did you know this?

Not at all

Perfectly

Which statement about deleting a Kubernetes cluster is FALSE?

Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNs, internet gateway, NAT gateways, route tables, security lists, load balancers and block volumes) are deleted automatically.

How well did you know this?

Not at all

Perfectly

You are faced with a scenario where a DevOps team intends to utilize Oracle Cloud Infrastructure (OCI) Vault to store secrets. These secrets will then be injected into an app’s environment variables (for example, DB_PASSWD) during deployment.

Which statement about managing secrets in Oracle Cloud Infrastructure (OCI) Vault is FALSE?

Secret version numbers start at 1 and increment by 2.

How well did you know this?

Not at all

Perfectly

You are tasked with managing deployments on an OCI Container Engine for Kubernetes (OKE) cluster.

Which task is NOT required for setting up cluster access using a local installation of kubectl?

Generate an Auth token from the OCI console.

How well did you know this?

Not at all

Perfectly

Suppose you are leading the development of a collaborative document editing platform, where users can create, edit and share documents in real time. To ensure scalability and flexibility, you decide to architect the platform using microservices.

Which two advantages of microservices would be most beneficial?

Ability to communicate over lightweight APIs.
Can be independently deployed.

How well did you know this?

Not at all

Perfectly

Your team is troubleshooting a Cloud Native application deployed on Oracle Cloud Infrastructure (OCI), utilizing services such as Object Storage, Events, Functions, API Gateway and Autonomous Database.

Which is NOT a valid method for addressing issues encountered in OCI?

Employ OCI Cloud Guard to identify and visualize debug logs generated by the application.

How well did you know this?

Not at all

Perfectly

You are creating a custom Dockerfile to be used for an Oracle Functions container.

Which privilege elevation command is allowed?

No privilege elevations are allowed.

How well did you know this?

Not at all

Perfectly

In Oracle Cloud Infrastructure (OCI) Monitoring, which two metrics are automatically collected and made available by the feature for functions deployed with Oracle Functions?

Number of times a functions is invoked.
Length of time a function runs.

How well did you know this?

Not at all

Perfectly

When deploying a new version of a microservice for testing purposes, how can a developer ensure that 10% of the traffic flows toward it in an OCI Service Mesh environment?

Adjust traffic splitting between the old and new versions of the microservice by adding a new entry in the virtual service route table manifest’s routeRules field, setting the percentage to 10%.

How well did you know this?

Not at all

Perfectly

Which testing technique is used to test a product for performance, usability, load and security in order to overcome any potential risk beforehand?

Non-Functional Testing.

What distinguishes self-managed nodes from managed nodes and virtual nodes in Container Engine for Kubernetes (OKE)?

Self-managed nodes are hosted on compute instances created by a user in the Compute service.

You are building a serverless application on Oracle Cloud Infrastructure (OCI) Functions. You need to trigger a function whenever a new file is uploaded to an Oracle Cloud Storage bucket. How do you do this?

By creating a function that listens for changes to the bucket and triggers on new file uploads.

When starting a container to run an Oracle function, as which user does the container run processes?

OCI Functions uses the fn user to run the processes with no added privileges.

When comparing OCI Queue and OCI Streaming services in Oracle Cloud Infrastructure, which scenario is best suited for using OCI Queue?

Implementing asynchronous communication between microservices with guaranteed message delivery.

You are building a Cloud Native serverless travel application with multiple Oracle Functions in Java, Python and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command helps you complete this task successfully?

fn deploy --app travel-app --all

As a Cloud Native developer, you have deployed a new API for your company's service. Your security team has identified the need to protect your API form potential Distributed Denial-of-Service (DDoS) attacks. You are under a tight deadline and need to implement a solution as quickly as possible. What should you do?

Use the OCI API Gateway service and configure rare limiting.

Your Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) administrator has set up an OKE cluster with a node pool in public subnet. You need to access the compute node to check the system configuration for troubleshooting purposes. Which step should you take to log in to the compute node?

SSH into the node using the private key.

You are developing a real-time monitoring application for a network of IOT devices, which will be deployed on Oracle Cloud Infrastructure (OCI). You need a service to handle the real-time data feeds from the devices. Which is the most appropriate choice for handling real-time data feeds?

OCI Streaming, because it is designed for high-volume, continuous ingestion and processing of data, making it the best choice for a network of IOT devices.

You've decided to utilize a master encryption key (MEK) in an Oracle Cloud Infrastructure (OCI) Vault to encrypt Kubernetes secrets associated with your microservice deployments in OCI Container Engine for Kubernetes (OKE) clusters. This decision enables easy management of key rotation. Which statement is NOT valid regarding rotating keys in the OCI Vault service?

Once rotated, older version keys can be used for encryption until they are deleted.

A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image form a private repository in OCI Registry (OCIR). Which configuration is necessary to provide access to this repository from OKE?

Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret properly in the application deployment manifest.

What is the maximum execution timeout allowed for a function deployed to an Oracle Functions aplication?

5 minutes.

Which aspect of testing should be prioritized when employing test cases that both validate a deployment and execute specific functional tasks?

Robust Deployment

When implementing OCI Service Mesh for an e-commerce application, what distinguishes a virtual deployment from a virtual service?

A virtual deployment represents a collection of instances/pods running a particular version of the microservice, whereas a virtual service represents the microservice as a single entity.

As a developer, you have been asked to develop an e-commerce website for your organization. Your website must support different clients including desktop and mobile browsers, as well as native mobile applications. Which approach should you avoid when building the application if you need to achieve resiliency to architecture changes, deployment independence and easier technology upgrades?

Use a monolithic deployment approach because it makes it easier to incrementally adapt to newer technology.

In the context of monitoring a cloud-based-e-commerce platform, you are configuring event rules in Oracle Cloud Infrastructure (OCI) to trigger actions based on specific events. Which action type is NOT available in an OCI Events rule definition?

You are using Oracle Cloud Infrastructure (OCI) Registry to store the docker container images for your application, and you have been asked to deploy these application images to an existing OKE cluster. How should you handle the specification of the OCI Registry credentials?

Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest.W

Which testing approach optimizes the speed of deployments and releases for cloud-native applications?

Automated testing.

You are designing a serverless application using Oracle Cloud Infrastructure (OCI) Functions and OCI Queue. Your application needs to process user orders asynchronously and scale to handle varying levels of traffic. Which is a valid use case for OCI Queue in your application?

Decoupling order processing form the main application.

You are a developer working on a serverless application using Oracle Cloud Infrastructure (OCI) Functions. You have deployed a function to OCI Functions and want to understand what happens when it is invoked for the first time. What happens when a function is invoked for the first time in OCI Functions?

The function is verified with the IAM service and then executed.

Your application team has developed an Oracle Function that generates static pages during the function call. They want to use it for all the regions of your company in such a way that every regional URL will hit the same application endpoint. How would you achieve this using the Oracle Cloud Infrastructure (OCI) API Gateway?

Create a deployment adding path parameters and wildcards to route paths.

You are an architect designing a serverless application using OCI Functions. Your application needs to be highly available and resilient, with the ability to scale and handle varying levels of traffic. You want to ensure that function executions are isolated from each other and can access shared resources as needed. Which configuration would best meet the requirements for your serverless application on OCI Functions?

Deploy functions in a single application, with a regional subnet spanning multiple availability domains.

As a developer, you are tasked with implementing logging in your services that will be running on the Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE). Which statement describes the appropriate logging approach?

All services log to standard output only.

Your DevOps team has tasked you with updating the network configuration of an Oracle Kubernetes Engine (OKE) cluster to enhance security. The goal is to minimize the cluster's attack surface by restricting unnecessary public access, while still ensuring that the deployed applications remain accessible from the Internet. Which network configuration best meets these requirements?

Configure private subnets for the worker nodes and the Kubernetes API endpoint, while placing the load balancers in public subnets.

You're designing a transportation management system for a logistics company. Each component of the system needs to be designed to meet specific criteria to ensure efficiency and scalability. Which criteria is NOT typically associated with a microservice?

Tightly coupled.

Which statement is VALID regarding the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to an OCI Streaming service stream?

The request must include a valid Authorization header.

Which condition is considered a benefit when a team decouples monolithic components and converts them into a microservices-based architecture?

An increase in the number of scalability options.

As a developer, you are tasked with utilizing some of the capabilities of the cloud such as higher availability and scalability, but you cannot completely redesign your application to use cloud services.

Cloud Enabled.

Which is best defined as a "combination of development and operations brought together to create a unified infrastructure designed to maximize productivity"?

DevOps

Which container runtime is NOT compliant with the Cloud Native Computing Foundation (CNCF)?

Firecracker

Which statement concerning the OCI Code Editor is FALSE?

Code Editor can be downloaded as a client desktop tool linked to your OCI account.

How does containerization differ from traditional virtualization in terms of resource utilization?

Containers share the host operating system kernel, thus optimizing resource utilization.

As a Cloud Engineer, you are asked to manage the OCI Container Registry, which hosts Docker container images. You are directed to delete all the images within a tenancy region that have not been pulled for over hours to avoid billing charges for the storage space they consume. How you achieve this?

Set up a global image retention policy to delete images automatically based on selection criteria.

You have pushed a Docker image to your Container Registry repository in Oracle Cloud Infrastructure (OCI). You now want to get that image onto your local machine so that you can run it locally. Which command should you use?

docker pull .ocir.io//:

Consider the following structure: .ocir.io//: Which term best describes it?

Image path

You are creating a Docker image for your web application. You want to specify the base image to be used as a starting point for your application's image. Which instruction in the Dockerfile would you use to accomplish this?

FROM

What is the role of the container engine in containerization technology?

Manages the creation, deployment and execution of containers.

Which command is used to push a Docker image to a Docker registry?

docker push

You are a DevOps engineer responsible for managing the container images stored in your team's Oracle Cloud Infrastructure Registry (OCIR) repository. One of your team members accidentally deletes an important container image from the repository. You need to recover the image as soon as possible. How long does it take for an image from OCIR to be permanently deleted?

48 hours.

Which command is used to remove a Docker image?

docker rmi

You are a DevOps engineer working on a project hosted on Oracle Cloud Infrastructure (OCI). Your teams needs to securely access Docker images stored in the OCI Registry (OCIR) without exposing them to the public internet. How does OCIR enhance security for users in this scenario?

By offering private access through a service gateway, ensuring secure access within the Virtual Cloud Network (VCN) without exposing resources to the public internet.

How can you access a Kubernetes cluster with a private API endpoint from a local terminal?

By configuring a bastion using the Oracle Cloud Infrastructure Bastion service.

Kubernetes is an open-source platform designed for automating the deployment, scaling and management of containerized applications.

Kubernetes aims to streamline the process of container orchestration, ensuring efficient deployment and management of containerized applications across a cluster of machines.

Which step is required before connecting to a managed node in a public subnet using SSH?

Defining an ingress rule in the network security group to allow TCP traffic for port 22 from source 0.0.00/0

As a Kubernetes administrator, you are tasked with setting up local access to a Kubernetes cluster with a private API endpoint. Which step is involved in the setup process?

Setting up a bastion using the Oracle Cloud Infrastructure Bastion service.

You are tasked with deploying a new application in a Kubernetes cluster on Oracle Cloud Infrastructure. The application requires high scalability, with automatic scaling of resources to accommodate varying workload demands. Additionally, you want to minimize the operational overhead of managing cluster capacity and infrastructure upgrades. Which type of nodes should you choose for your deployment?

Virtual nodes.

You are a DevOps engineer tasked with setting up a new OKE cluster for your organization's Kubernetes applications. Which statement is NOT true about the preparation process?

Container Engine for Kubernetes cannot use existing network resources for the creation of a new cluster.

As a DevOps Engineer working on an OKE cluster, which file provides you access details to the OKE cluster?

Kubeconfig

A DevOps engineer is asked to access an Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster to deploy new applications and manage existing ones. Which two statements are NOT true?

- To access the cluster using kubectl, you have to set up a Kubernetes manifest file for the cluster. The kubeconfig file, by default, is named config and it is stored in the $HOME/.manifest directory. -The only available option when a cluster's Kubernetes API endpoint has a public IP address is to control the cluster locally using kubectl and the Kubernetes dashboard.

Within the architecture of Kubernetes, various components collaborate to manage containerized workloads efficiently. Which component is NOT a core part of the Kubernetes architecture?

Docker Swarm, an alternative container orchestration platform developed by Docker Inc.

Which statement about managed Kubernetes in OCI is true?

OCI's managed Kubernetes service supports both stateful and stateless applications.

Which statement is true about virtual nodes?

Virtual nodes support only VCN-native Pod Networking and the flannel CNI plugin is not supported.

Which statement is true about virtual nodes in a serverless Kubernetes model?

Virtual nodes eliminate operational overhead of traditional container hosts by shifting to a serverless Kubernetes model that uses a fully managed virtual kubelet and OCI container instances.

Which Kubernetes resource object is used to define how many replicas of a pod should be created?

Deployment.

Which is an open-source container management tool that is responsible for container deployment, scaling and descaling of containers and load balancing?

Kubernetes.

As part of meshifying the E-commerce application, you need to create a virtual deployment and a virtual service in the OCI Service Mesh. Which statement best describes the difference between a virtual deployment and a virtual service in this context?

A virtual deployment is a group of instances/pods running a specific version of the actual microservice, whereas a virtual service is a single representation of the microservice.

Which statement about ingress gateway route tables in OCI Service Mesh is FALSE?

They map a group of instances or pods running a specific version of the actual microservice.

Which statement about OCI Service Mesh is true?

OCI Service Mesh provides a way to connect and manage microservices in a distributed environment.

Which statement is TRUE about a virtual service deployment binding in OCI Service Mesh?

It enables automatic sidecar injection and pod discovery for proxy software.

What is the primary purpose of OCI Service Mesh?

To provide a way to manage network traffic between Kubernetes service.

Which statement is NOT true regarding Oracle Functions?

Additional configuration parameters can be specified as environment variables; however, they must be specified at the function application scope.

What is the primary purpose of Oracle Cloud Infrastructure (OCI) Functions?

To create, run and scale business logic without managing any infrastructure.

Which programming language is NOT currently available as an Fn Project Function Development Kit (FDK) supported by Oracle Functions?

PHP

Which is the correct description of an Oracle Functions application?

A logical group of functions with a common context to store configuration variables that are available to all functions in the application.

Your Oracle Function deployed to an application in a private subnet needs to access other OCI services. Which additional service is required?

Service Gateway.

In Oracle Functions, what is the relationship between functions and applications?

Multiple functions can be deployed in a single application.

What is the best practice for grouping functions in OCI Functions?

Grouping functions in separate applications for better isolation?

You are a developer setting up your OCI Functions development environment. You have three options to choose from: Cloud Shell, a local machine or an Oracle Cloud Infrastructure compute instance.

Setting up Cloud Shell.

Which is NOT a runtime context variable that is available when configuring an API Gateway deployment?

request.client

When configuring the transformation of HTTP responses for an API Gateway deployment, which option is NOT available?

Updating a query string.

Which three statements are true when configuring an API gateway in OCI?

- A VCN must exist before creating an API gateway. -API gateway instances can run on separate Availability domains. -API gateway instances can run on separate Fault domains.

Which statement concerning API Gateway deployment authentication server options is NOT valid?

Each deployment requires one or more authentication servers.

Which statement concerning OCI API Gateway deployments is TRUE?

A deployment configuration can use a Java Web Token (JWT) or an Authorizer Function for client token validations.

Which programming languages are supported by OCI Streaming SDK for building streaming applications?

Java, C# and Go

Which statement is NOT true about the OCI Streaming service?

Messages sent to a stream must be in a JSON format structure.

Which is NOT a valid option when configuring an OCI Service Connector with OCI Streaming?

Sending data from Object Storage buckets to a stream.

Which is the best use case for sing OCI Streaming?

Storing and processing real-time data streams

Which is a pointer to a location in a stream?

Cursor

Which use case is NOT a suitable scenario for using an OCI queue?

Synchronous communication between two application components.

What is the purpose of using the UpdateMessage or UpdateMessages using an OCI queue?

To update the message's visibility timeout after it has been received.

What is the purpose of message locking in OCI queues?

To prevent a message that was delivered to a consumer from being processed by any other consumer.

Which setting in OCI Queue CANNOT be changed after the queue has been created?

Maximum retention period for messages in the queue.

How long does a message remain in the dead letter queue in OCI queue before it is automatically deleted by the service?

When the maximum retention period has been reached.

Which gateway is used by OCI resources to support private access to the OCI Events service?

Service Gateway.

Which Scenario best describes a use case for using OCI Events?

Scaling an Autonomous Database instance based on application demand.

When creating OCI Events rules, which is NOT a valid rule design consideration?

Each rule must be based on only one configured condition.

Which statement accurately describes the contents of an OCI (Oracle Cloud Infrastructure) Event?

An OCI Event is a structured JSON object that contains information about a change that occurred within the OCI Infrastructure.

Which is NOT available as an OCI Events service rule destination?

OCI Monitoring

Which statement is NOT true regarding the use of a master encryption key (MEK) in the OCI Vault service?

Your vault must specify only one valid MEK version at a time.

Which testing technique is used to test the communication paths and interactions between individual service components or between service components and some external services/systems/data store?

Integration Testing

Which testing measure should be considered when testing for traffic routing during overloading and the effect of load balancing on overall performance?

Resiliency

You are creating a custom Dockerfile to be used for an Oracle Functions container. Which privilege elevation command is allowed?

No privilege elevations are allowed.

You have created a new compartment called "apps" to host some production applications. You have also created a group called "apps_group" and add users to it. What would you do to ensure those users can access the apps compartment?

Add an IAM policy for apps_group granting access to the apps compartment.

Which three types of logs can be made available of the OCI logging service

- Custom Logs - Service Logs - Audit Logs

Which is a valid description of the OCI Logging service?

Ensures secure management of audit, infrastructure, database and application logs.

Which statement about Oracle Functions monitoring and troubleshooting is NOT true?

Oracle Function invocation logging is enabled by default.

OCI Developer Flashcards

(121 cards)