1z0-1084-22 Actual Questions Answers Pass With Real 1z0-1084-22 Exam Dumps
1z0-1084-22 Dumps Prepare Your Exam With 75 Questions
NEW QUESTION 15
You have written a Node.js function and deployed it to Oracle Functions. Next, you need to call this function from a microservice written in Java deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE).
Which can help you to achieve this?
- A. Use the OCI Java SDK to invoke the function from the microservice.
- B. Use the OCI CLI with kubectl to invoke the function from the microservice.
- C. OKE does not allow a microservice to invoke a function from Oracle Functions.
- D. Oracle Functions does not allow a microservice deployed on OKE to invoke a function.
Answer: A
Explanation:
Invoking Functions
You can invoke a function that you've deployed to Oracle Functions in different ways:
1. Using the Fn Project CLI.
2. Using the Oracle Cloud Infrastructure CLI.
3. Using the Oracle Cloud Infrastructure SDKs.
4. Making a signed HTTP request to the function's invoke endpoint. Every function has an invoke endpoint.
Using the Fn Project CLI to Invoke Functions
To invoke a function deployed to Oracle Functions using the Fn Project CLI:
Log in to your development environment as a functions developer.
In a terminal window, enter:
$ fn invoke <app-name> <function-name>
Using SDKs to Invoke Functions:
If you're writing a program to invoke a function in a language for which an Oracle Cloud Infrastructure SDK exists, Oracle recommends you use that SDK to send API requests to invoke the function. Among other things, the SDK will facilitate Oracle Cloud Infrastructure authentication.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsinvokingfunctions.htm
NEW QUESTION 16
In the sample Kubernetes manifest file below, what annotations should you add to create a private load balancer in Oracle Cloud Infrastructure Container Engine for Kubernetes?
A)
B)
C)
D)
- A. Option A
- B. Option C
- C. Option D
- D. Option B
Answer: C
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingloadbalancer.htm?TocPath=Services%7CExample%20Network%20Resource%20Configuration%7CUpgrading%20the%20Version%20of%20Kubernetes%20Running%20on%20a%20Master%20Node%7C_____2
Creating Internal Load Balancers in Public and Private Subnets
You can create Oracle Cloud Infrastructure load balancers to control access to services running on a cluster:
When you create a 'custom' cluster, you select an existing VCN that contains the network resources to be used by the new cluster. If you want to use load balancers to control traffic into the VCN, you select existing public or private subnets in that VCN to host the load balancers.
When you create a 'quick cluster', the VCN that's automatically created contains a public regional subnet to host a load balancer. If you want to host load balancers in private subnets, you can add private subnets to the VCN later.
Alternatively, you can create an internal load balancer service in a cluster to enable other programs running in the same VCN as the cluster to access services in the cluster. You can host internal load balancers in public subnets and private subnets.
To create an internal load balancer hosted on a public subnet, add the following annotation in the metadata section of the manifest file:
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
To create an internal load balancer hosted on a private subnet, add both of the following annotations in the metadata section of the manifest file:
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid1.subnet.oc1..aaaaaa....vdfw"
where ocid1.subnet.oc1..aaaaaa....vdfw is the OCID of the private subnet.
NEW QUESTION 17
You are developing a distributed application and you need a call to a path to always return specific JSON content. You deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification.
What is the correct value for type?
- A. HTTP_BACKEND
- B. CONSTANT_BACKEND
- C. JSON_BACKEND
- D. STOCK_RESPONSE_BACKEND
Answer: D
Explanation:
Adding Stock Responses as an API Gateway Back End:
You'll often want to verify that an API has been successfully deployed on an API gateway without having to set up an actual back-end service. One approach is to define a route in the API deployment specification that has a path to a 'dummy' back end. On receiving a request to that path, the API gateway itself acts as the back end and returns a stock response you've specified.
Equally, there are some situations in a production deployment where you'll want a particular path for a route to consistently return the same stock response without sending a request to a back end. For example, when you want a call to a path to always return a specific HTTP status code in the response.
Using the API Gateway service, you can define a path to a stock response back end that always returns the same:
HTTP status code
HTTP header fields (name-value pairs)
content in the body of the response
"type": "STOCK_RESPONSE_BACKEND" indicates that the API gateway itself will act as the back end and return the stock response you define (the status code, the header fields and the body content).
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayaddingstockresponses.htm
NEW QUESTION 18
Which two are characteristics of microservices?
- A. All microservices share a data store.
- B. Microservices communicate over lightweight APIs.
- C. Microservices are hard to test in isolation.
- D. Microservices can be independently deployed.
- E. Microservices can be implemented in a limited number of programming languages.
Answer: B,D
Explanation:
Learn About the Microservices Architecture
If you want to design an application that is multilanguage, easily scalable, easy to maintain and deploy, highly available, and that minimizes failures, then use the microservices architecture to design and deploy a cloud application.
In a microservices architecture, each microservice owns a simple task, and communicates with the clients or with other microservices by using lightweight communication mechanisms such as REST API requests.
The following diagram shows the architecture of an application that consists of multiple microservices.
Microservices enable you to design your application as a collection of loosely coupled services. Microservices follow the share-nothing model, and run as stateless processes. This approach makes it easier to scale and maintain the application.
The API layer is the entry point for all the client requests to a microservice. The API layer also enables the microservices to communicate with each other over HTTP, gRPC, and TCP/UDP.
The logic layer focuses on a single business task, minimizing the dependencies on the other microservices. This layer can be written in a different language for each microservice.
The data store layer provides a persistence mechanism, such as a database storage engine, log files, and so on. Consider using a separate persistent data store for each microservice.
Typically, each microservice runs in a container that provides a lightweight runtime environment.
Loosely coupled with other services: enables a team to work independently the majority of the time on their service(s), without being impacted by changes to other services and without affecting other services.
References:
https://docs.oracle.com/en/solutions/learn-architect-microservice/index.html
https://microservices.io/patterns/microservices.html
https://www.techjini.com/blog/microservices/
NEW QUESTION 19
Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?
- A. date or x-date
- B. content-type
- C. host
- D. (request-target)
Answer: B
Explanation:
Authorization Header
The Oracle Cloud Infrastructure signature uses the "Signature" Authentication scheme (with an Authorization header), and not the Signature HTTP header.
This section describes the headers that must be included in the signing string:
For GET and DELETE requests (when there's no content in the request body), the signing string must include at least these headers:
(request-target)
host
date or x-date (if both are included, Oracle uses x-date)
For PUT and POST requests (when there's content in the request body), the signing string must include at least these headers:
(request-target)
host
date or x-date (if both are included, Oracle uses x-date)
x-content-sha256 (except for Object Storage PUT requests; see the next section)
content-type
content-length
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm
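The header rules above, as an added example (not from the original page or from Oracle's documentation): a check that a request's Authorization header signs at least the minimum header set for its method, and that the body headers match the body. The host, path, keyId and signature values are constructed placeholders, and verifying the RSA signature itself is left out.

```python
import base64
import hashlib
import re

# Minimum signed-header sets, as listed in the explanation above.
REQUIRED_NO_BODY = ("(request-target)", "host", "date")            # GET, DELETE
REQUIRED_WITH_BODY = REQUIRED_NO_BODY + (
    "x-content-sha256", "content-type", "content-length")          # PUT, POST

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def required_headers(method):
    m = method.upper()
    if m in ("GET", "DELETE"):
        return REQUIRED_NO_BODY
    if m in ("PUT", "POST"):
        return REQUIRED_WITH_BODY
    raise ValueError("method not covered by this example: " + method)


def parse_authorization(value):
    """Split 'Signature k="v",k="v"' into a dict of its parameters."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme != "Signature":
        raise ValueError("expected the Signature authentication scheme")
    return dict(_PARAM.findall(rest))


def body_digest(body):
    """Base64 of the SHA-256 digest of the body (the x-content-sha256 value)."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode("ascii")


def build_signing_string(method, path, headers, signed):
    """One 'name: value' line per signed header, in the order they are listed."""
    lines = []
    for name in signed:
        if name == "(request-target)":
            lines.append("(request-target): %s %s" % (method.lower(), path))
        else:
            lines.append("%s: %s" % (name, headers[name]))
    return "\n".join(lines)


def check_request(method, path, headers, authorization, body=b""):
    """Return (problems, signing_string); signing_string is None on failure."""
    headers = {k.lower(): v for k, v in headers.items()}
    signed = parse_authorization(authorization).get("headers", "").split()
    problems = []
    for name in required_headers(method):
        # x-date is accepted in place of date.
        if not (name in signed or (name == "date" and "x-date" in signed)):
            problems.append("not signed: " + name)
    for name in signed:
        if name != "(request-target)" and name not in headers:
            problems.append("signed but absent from request: " + name)
    if "x-content-sha256" in signed and headers.get("x-content-sha256") != body_digest(body):
        problems.append("x-content-sha256 does not match body")
    if "content-length" in signed and headers.get("content-length") != str(len(body)):
        problems.append("content-length does not match body")
    if problems:
        return problems, None
    return problems, build_signing_string(method, path, headers, signed)


# Constructed sample data (placeholders, not real identifiers or signatures).
AUTH_TMPL = ('Signature version="1",keyId="TENANCY/USER/FINGERPRINT",'
             'algorithm="rsa-sha256",headers="%s",signature="PLACEHOLDER"')
GET_SIGNED = "(request-target) date host"
POST_SIGNED = GET_SIGNED + " x-content-sha256 content-type content-length"
PATH = "/v1/items?limit=1"
BODY = b'{"name": "demo"}'
GET_HEADERS = {"Host": "api.example.com",
               "Date": "Thu, 05 Jan 2023 21:31:40 GMT"}
POST_HEADERS = dict(GET_HEADERS, **{
    "Content-Type": "application/json",
    "Content-Length": str(len(BODY)),
    "x-content-sha256": body_digest(BODY),
})

if __name__ == "__main__":
    # GET: content-type is neither present nor signed, and the check passes.
    print(check_request("GET", PATH, GET_HEADERS, AUTH_TMPL % GET_SIGNED))
    # POST signed with only the GET header set: three headers are reported.
    print(check_request("POST", PATH, POST_HEADERS, AUTH_TMPL % GET_SIGNED, BODY))
    # POST whose body was altered after the digest header was computed.
    print(check_request("POST", PATH, POST_HEADERS, AUTH_TMPL % POST_SIGNED,
                        b'{"name": "dem0"}'))
```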
NEW QUESTION 20
What is the difference between blue/green and canary deployment strategies?
- A. In blue/green, both old and new applications are in production at the same time. In canary, application is deployed incrementally to a select group of people.
- B. In blue/green, current applications are slowly replaced with new ones. In canary, both old and new applications are in production at the same time.
- C. In blue/green, application is deployed in minor increments to a select group of people. In canary, both old and new applications are simultaneously in production.
- D. In blue/green, current applications are slowly replaced with new ones. In canary, application is deployed incrementally to a select group of people.
Answer: A
Explanation:
Blue-green deployment is a technique that reduces downtime and risk by running two identical production environments called Blue and Green. At any time, only one of the environments is live, with the live environment serving all production traffic. For this example, Blue is currently live and Green is idle.
https://docs.cloudfoundry.org/devguide/deploy-apps/blue-green.html
Canary deployments are a pattern for rolling out releases to a subset of users or servers. The idea is to first deploy the change to a small subset of servers, test it, and then roll the change out to the rest of the servers. ... Canaries were once regularly used in coal mining as an early warning system.
https://octopus.com/docs/deployment-patterns/canary-deployments
NEW QUESTION 21
You have created a repository in Oracle Cloud Infrastructure Registry in the us-ashburn-1 (iad) region in your tenancy with a namespace called "heyoci".
Which three are valid tags for an image named "myapp"?
- A. us-ashburn-1.ocir.io/heyoci/myapp:0.0.2-beta
- B. iad.ocir.io/myproject/heyoci/myapp:latest
- C. us-ashburn-1.ocir.io/myproject/heyoci/myapp:latest
- D. iad.ocir.io/heyoci/myproject/myapp:0.0.1
- E. us-ashburn-1.ocir.io/heyoci/myproject/myapp:0.0.2-beta
- F. iad.ocir.io/heyoci/myapp:latest
- G. iad.ocir.io/heyoci/myapp:0.0.2-beta
Answer: D,F,G
Explanation:
Give a tag to the image that you're going to push to Oracle Cloud Infrastructure Registry by entering:
docker tag <image-identifier> <target-tag>
where:
<image-identifier> uniquely identifies the image, either using the image's id (for example, 8e0506e14874), or the image's name and tag separated by a colon (for example, acme-web-app:latest).
<target-tag> is in the format <region-key>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag> where:
<region-key> is the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad. See Availability by Region.
ocir.io is the Oracle Cloud Infrastructure Registry name.
<tenancy-namespace> is the auto-generated Object Storage namespace string of the tenancy that owns the repository to which you want to push the image (as shown on the Tenancy Information page). For example, the namespace of the acme-dev tenancy might be ansh81vru1zp. Note that for some older tenancies, the namespace string might be the same as the tenancy name in all lower-case letters (for example, acme-dev). Note also that your user must have access to the tenancy.
<repo-name> (if specified) is the name of a repository to which you want to push the image (for example, project01). Note that specifying a repository is optional (see About Repositories).
<image-name> is the name you want to give the image in Oracle Cloud Infrastructure Registry (for example, acme-web-app).
<tag> is an image tag you want to give the image in Oracle Cloud Infrastructure Registry (for example, version2.0.test).
For example, for convenience you might want to group together multiple versions of the acme-web-app image in the acme-dev tenancy in the Ashburn region into a repository called project01. You do this by including the name of the repository in the image name when you push the image, in the format <region-key>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>. For example, iad.ocir.io/ansh81vru1zp/project01/acme-web-app:4.6.3. Subsequently, when you use the docker push command, the presence of the repository in the image's name ensures the image is pushed to the intended repository.
If you push an image and include the name of a repository that doesn't already exist, a new private repository is created automatically. For example, if you enter a command like docker push iad.ocir.io/ansh81vru1zp/project02/acme-web-app:7.5.2 and the project02 repository doesn't exist, a private repository called project02 is created automatically.
If you push an image and don't include a repository name, the image's name is used as the name of the repository. For example, if you enter a command like docker push iad.ocir.io/ansh81vru1zp/acme-web-app:7.5.2 that doesn't contain a repository name, the image's name (acme-web-app) is used as the name of a private repository.
https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Concepts/registrywhatisarepository.htm
NEW QUESTION 22
Which two statements are true for service choreography?
- A. Service choreographer is responsible for invoking other services.
- B. Services involved in choreography communicate through messages/messaging systems.
- C. Service choreography should not use events for communication.
- D. Service choreography relies on a central coordinator.
- E. Decision logic in service choreography is distributed.
Answer: B,E
Explanation:
Service Choreography
Service choreography is a global description of the participating services, which is defined by exchange of messages, rules of interaction and agreements between two or more endpoints. Choreography employs a decentralized approach for service composition. The decision logic is distributed, with no centralized point.
Choreography, in contrast, does not rely on a central coordinator, and all participants in the choreography need to be aware of the business process, operations to execute, messages to exchange, and the timing of message exchanges.
References:
https://stackoverflow.com/questions/4127241/orchestration-vs-choreography/33316988
NEW QUESTION 23
Which two statements accurately describe Oracle SQL Developer Web on Oracle Cloud Infrastructure (OCI) Autonomous Database?
- A. It is available for databases with both dedicated and shared Exadata infrastructure.
- B. It must be enabled via OCI Identity and Access Management policy to get access to the Autonomous Databases instances.
- C. After provisioning into an OCI compute Instance, it can automatically connect to the OCI Autonomous Databases instances.
- D. It is available for databases with dedicated Exadata infrastructure only.
- E. It provides a development environment and a data modeler interface for OCI Autonomous Databases.
Answer: D,E
Explanation:
Oracle SQL Developer Web
Oracle SQL Developer Web in Autonomous Data Warehouse provides a development environment and a data modeler interface for Autonomous Databases. SQL Developer Web is available for databases with both dedicated Exadata infrastructure and shared Exadata infrastructure.
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/adbtools.htm
NEW QUESTION 24
Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?
- A. Streaming
- B. Functions
- C. Email
- D. Notifications
- E. Slack
Answer: C,E
Explanation:
Overview of Events
Oracle Cloud Infrastructure Events enables you to create automation based on the state changes of resources throughout your tenancy. Use Events to allow your development teams to automatically respond when a resource changes its state.
Event Rules must also specify an action to trigger when the filter finds a matching event. Actions are responses you define for event matches. You set up select Oracle Cloud Infrastructure services that the Events service has established as actions. The resources for these services act as destinations for matching events. When the filter in the rule finds a match, the Events service delivers the matching event to one or more of the destinations you identified in the rule. The destination service that receives the event then processes the event in whatever manner you defined. This delivery provides the automation in your environment.
You can only deliver events to certain Oracle Cloud Infrastructure services with a rule. Use the following services to create actions:
Notifications
Streaming
Functions
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Events/Concepts/eventsoverview.htm
NEW QUESTION 25
Which concept is NOT related to Oracle Cloud Infrastructure Resource Manager?
- A. Queue
- B. Stack
- C. Plan
- D. Job
Answer: A
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm
Following are brief descriptions of key concepts and the main components of Resource Manager.
CONFIGURATION
Information to codify your infrastructure. A Terraform configuration can be either a solution or a file that you write and upload.
JOB
Instructions to perform the actions defined in your configuration. Only one job at a time can run on a given stack; further, you can have only one set of Oracle Cloud Infrastructure resources on a given stack. To provision a different set of resources, you must create a separate stack and use a different configuration.
Resource Manager provides the following job types:
Plan: Parses your Terraform configuration and creates an execution plan for the associated stack. The execution plan lists the sequence of specific actions planned to provision your Oracle Cloud Infrastructure resources. The execution plan is handed off to the apply job, which then executes the instructions.
Apply. Applies the execution plan to the associated stack to create (or modify) your Oracle Cloud Infrastructure resources. Depending on the number and type of resources specified, a given apply job can take some time. You can check status while the job runs.
Destroy. Releases resources associated with a stack. Released resources are not deleted. For example, terminates a Compute instance controlled by a stack. The stack's job history and state remain after running a destroy job. You can monitor the status and review the results of a destroy job by inspecting the stack's log files.
Import State. Sets the provided Terraform state file as the current state of the stack. Use this job to migrate local Terraform environments to Resource Manager.
STACK
The collection of Oracle Cloud Infrastructure resources corresponding to a given Terraform configuration. Each stack resides in the compartment you specify, in a single region; however, resources on a given stack can be deployed across multiple regions. An OCID is assigned to each stack.
The following steps reference Console instructions:
Create a Terraform configuration.
Create a stack.
Run a plan job, which produces an execution plan.
Review the execution plan.
If changes are needed in the execution plan, update the configuration and run a plan job again.
Run an apply job to provision resources.
Review state file and log files, as needed.
You can optionally reapply your configuration, with or without making changes, by running an apply job again.
Optionally, to release the resources running on a stack, run a destroy job.
NEW QUESTION 26
Which statement accurately describes Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI Container Engine for Kubernetes (OKE)?
- A. OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with LoadBalancer type in the YAML configuration.
- B. OCI Load Balancer instance must be manually provisioned for each Kubernetes service that requires traffic balancing.
- C. OKE service provisions an OCI Load Balancer instance for each Kubernetes service with LoadBalancer type in the YAML configuration.
- D. OCI Load Balancer instance provisioning is triggered by OCI Events service for each Kubernetes service with LoadBalancer type in the YAML configuration.
Answer: A
Explanation:
If you are running your Kubernetes cluster on Oracle Container Engine for Kubernetes (commonly known as OKE), you can have OCI automatically provision load balancers for you by creating a Service of type LoadBalancer instead of (or in addition to) installing an ingress controller like Traefik or Voyager.
When you apply this YAML file to your cluster, you will see the new service is created. After a short time (typically less than a minute) the OCI Load Balancer will be provisioned.
https://oracle.github.io/weblogic-kubernetes-operator/faq/oci-lb/
NEW QUESTION 27
A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster. Which rule can you use to prevent a container from running as root using PSP?
- A. MustRunAsNonRoot
- B. RunOnlyAsUser
- C. forbiddenRoot
- D. NoPrivilege
Answer: A
Explanation:
What is a Pod Security Policy?
A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields. They allow an administrator to control the following:
Privilege Escalation
These options control the allowPrivilegeEscalation container option. This bool directly controls whether the no_new_privs flag gets set on the container process. This flag will prevent setuid binaries from changing the effective user ID, and prevent files from enabling extra capabilities (e.g. it will prevent the use of the ping tool). This behavior is required to effectively enforce MustRunAsNonRoot.
example:
# Require the container to run without root privileges.
rule: 'MustRunAsNonRoot'
Reference:
https://kubernetes.io/docs/concepts/policy/pod-security-policy/
NEW QUESTION 28
Which two statements accurately describe an Oracle Functions application?
- A. A logical group of functions
- B. A Docker image containing all the functions that share the same configuration
- C. A common context to store configuration variables that are available to all functions in the application
- D. A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service
- E. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services
Answer: A,C
Explanation:
Oracle Functions Concepts:
This topic describes key concepts you need to understand when using Oracle Functions.
Applications:
In Oracle Functions, an application is:
1. a logical grouping of functions
2. a common context to store configuration variables that are available to all functions in the application
3. a way to ensure function runtime isolation
When you define an application in Oracle Functions, you specify the subnets in which to run the functions in the application. When functions from different applications are invoked simultaneously, Oracle Functions ensures these function executions are isolated from each other.
Oracle Functions shows applications and their functions in the Console.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsconcepts.htm
NEW QUESTION 29
What is the minimum amount of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?
- A. 1 TB
- B. 50 GB
- C. 10 GB
- D. 1 GB
Answer: B
Explanation:
Provisioning Persistent Volume Claims on the Block Volume Service:
Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of 50 gigabytes.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengprerequisites.htm
NEW QUESTION 30
Which two are benefits of distributed systems?
- A. Resiliency
- B. Privacy
- C. Ease of testing
- D. Scalability
- E. Security
Answer: A,D
Explanation:
Cloud-native distributed systems such as Oracle Functions offer many benefits, including resiliency and availability.
Resiliency and Availability
Resiliency and availability refers to the ability of a system to continue operating, despite the failure or sub-optimal performance of some of its components.
In the case of Oracle Functions:
The control plane is a set of components that manages function definitions.
The data plane is a set of components that executes functions in response to invocation requests.
For resiliency and high availability, both the control plane and data plane components are distributed across different availability domains and fault domains in a region. If one of the domains ceases to be available, the components in the remaining domains take over to ensure that function definition management and execution are not disrupted.
When functions are invoked, they run in the subnets specified for the application to which the functions belong. For resiliency and high availability, best practice is to specify a regional subnet for an application (or alternatively, multiple AD-specific subnets in different availability domains). If an availability domain specified for an application ceases to be available, Oracle Functions runs functions in an alternative availability domain.
Concurrency and Scalability
Concurrency refers to the ability of a system to run multiple operations in parallel using shared resources. Scalability refers to the ability of the system to scale capacity (both up and down) to meet demand.
In the case of Functions, when a function is invoked for the first time, the function's image is run as a container on an instance in a subnet associated with the application to which the function belongs. When the function is executing inside the container, the function can read from and write to other shared resources and services running in the same subnet (for example, Database as a Service). The function can also read from and write to other shared resources (for example, Object Storage), and other Oracle Cloud Services.
If Oracle Functions receives multiple calls to a function that is currently executing inside a running container, Oracle Functions automatically and seamlessly scales horizontally to serve all the incoming requests. Oracle Functions starts multiple Docker containers, up to the limit specified for your tenancy. The default limit is 30 GB of RAM reserved for function execution per availability domain, although you can request an increase to this limit. Provided the limit is not exceeded, there is no difference in response time (latency) between functions executing on the different containers.
NEW QUESTION 31
Your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purpose.
Which step should you take to obtain the log file?
- A. ssh into the node using public key.
- B. It is impossible since OKE is a managed Kubernetes service.
- C. ssh into the nodes using private key.
- D. Use the username open and password to login.
Answer: C
Explanation:
A Kubernetes cluster is a group of nodes. The nodes are the machines running applications. Each node can be a physical machine or a virtual machine. The node's capacity (its number of CPUs and amount of memory) is defined when the node is created. A cluster comprises:
- one or more master nodes (for high availability, typically there will be a number of master nodes)
- one or more worker nodes (sometimes known as minions)
Connecting to Worker Nodes Using SSH
If you provided a public SSH key when creating the node pool in a cluster, the public key is installed on all worker nodes in the cluster. On UNIX and UNIX-like platforms (including Solaris and Linux), you can then connect through SSH to the worker nodes using the ssh utility (an SSH client) to perform administrative tasks.
Note the following instructions assume the UNIX machine you use to connect to the worker node:
Has the ssh utility installed.
Has access to the SSH private key file paired with the SSH public key that was specified when the cluster was created.
How to connect to worker nodes using SSH depends on whether you specified public or private subnets for the worker nodes when defining the node pools in the cluster.
Connecting to Worker Nodes in Public Subnets Using SSH
Before you can connect to a worker node in a public subnet using SSH, you must define an ingress rule in the subnet's security list to allow SSH access. The ingress rule must allow access to port 22 on worker nodes from source 0.0.0.0/0 and any source port.
To connect to a worker node in a public subnet through SSH from a UNIX machine using the ssh utility:
1- Find out the IP address of the worker node to which you want to connect. You can do this in a number of ways:
Using kubectl. If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. See Setting Up Cluster Access. Then in a terminal window, enter kubectl get nodes to see the public IP addresses of worker nodes in node pools in the cluster.
Using the Console. In the Console, display the Cluster List page and then select the cluster to which the worker node belongs. On the Node Pools tab, click the name of the node pool to which the worker node belongs. On the Nodes tab, you see the public IP address of every worker node in the node pool.
Using the REST API. Use the ListNodePools operation to see the public IP addresses of worker nodes in a node pool.
2- In the terminal window, enter ssh opc@<node_ip_address> to connect to the worker node, where <node_ip_address> is the IP address of the worker node that you made a note of earlier. For example, you might enter ssh opc@192.0.2.254.
Note that if the SSH private key is not stored in the file or in the path that the ssh utility expects (for example, the ssh utility might expect the private key to be stored in ~/.ssh/id_rsa), you must explicitly specify the private key filename and location in one of two ways:
Use the -i option to specify the filename and location of the private key. For example, ssh -i ~/.ssh/my_keys/my_host_key_filename opc@192.0.2.254
Add the private key filename and location to an SSH configuration file, either the client configuration file (~/.ssh/config) if it exists, or the system-wide client configuration file (/etc/ssh/ssh_config). For example, you might add the following:
Host 192.0.2.254
IdentityFile ~/.ssh/my_keys/my_host_key_filename
For more about the ssh utility's configuration file, enter man ssh_config.
Note also that permissions on the private key file must allow you read/write/execute access, but prevent other users from accessing the file. For example, to set appropriate permissions, you might enter chmod 600 ~/.ssh/my_keys/my_host_key_filename. If permissions are not set correctly and the private key file is accessible to other users, the ssh utility will simply ignore the private key file.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconnectingworkernodesusingssh.htm
NEW QUESTION 32
You are a consumer of Oracle Cloud Infrastructure (OCI) Streaming service. Which API should you use to read and process the stream?
- A. GetObject
- B. GetMessages
- C. ListMessages
- D. ReadMessages
Answer: B
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Streaming/Concepts/streamingoverview.htm
NEW QUESTION 33
A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use in this scenario?
- A. Create an authorizer function using OCI Identity and Access Management based authentication
- B. Create an authorizer function using request header authorization.
- C. Create an authorizer function using token-based authorization.
- D. Create a cross account functions authorizer.
Answer: B
Explanation:
Using Authorizer Functions to Add Authentication and Authorization to API Deployments:
You can control access to APIs you deploy to API gateways using an 'authorizer function' (as described in this topic), or using JWTs (as described in Using JSON Web Tokens (JWTs) to Add Authentication and Authorization to API Deployments).
You can add authentication and authorization functionality to API gateways by writing an 'authorizer function' that:
1. Processes request attributes to verify the identity of a caller with an identity provider.
2. Determines the operations that the caller is allowed to perform.
3. Returns the operations the caller is allowed to perform as a list of 'access scopes' (an 'access scope' is an arbitrary string used to determine access).
Optionally returns a key-value pair for use by the API deployment. For example, as a context variable for use in an HTTP back end definition (see Adding Context Variables to Policies and HTTP Back End Definitions).
Create an authorizer function using request header authorization implemented using a custom scheme which accepts string parameters from the API caller.
Managing Input Parameters
In our case we will need to manage quite a few static parameters in our code. For example the URLs of the secrets service endpoints, the username and other constant parameterised data. We can manage these either at Application or Function level (an OCI Function is packaged in an Application which can contain multiple Functions). In this case I will create function level parameters. You can use the following command to create the parameters:
fn config function test idcs-assert idcsClientId aedc15531bc8xxxxxxxxxxbd8a193
References:
https://technology.amis.nl/2020/01/03/oracle-cloud-api-gateway-using-an-authorizer-function-for-client-secret-authorization-on-api-access/
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayusingauthorizerfunction.htm
https://www.ateam-oracle.com/how-to-implement-an-oci-api-gateway-authorization-fn-in-nodejs-that-accesses-oci-resources
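The three steps an authorizer function performs, sketched as an added example (not code from the referenced articles or from Oracle). The `{"type", "token"}` input shape and the `active`/`principal`/`scope`/`expiresAt`/`context`/`wwwAuthenticate` response fields are assumptions modelled on the API Gateway authorizer contract and should be checked against the documentation linked above; the `CALLERS` table and its secrets are constructed sample data.

```python
import hmac
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample data: caller secrets mapped to identity and allowed scopes.
# A real function would consult an identity provider or a vault instead.
CALLERS = {
    "s3cr3t-orders-client": {"principal": "orders-client",
                             "scope": ["read:orders"]},
    "s3cr3t-admin-client": {"principal": "admin-client",
                            "scope": ["read:orders", "write:orders"]},
}


def _lookup(presented: str) -> Optional[dict]:
    """Step 1: verify the caller, comparing secrets in constant time."""
    match = None
    for secret, caller in CALLERS.items():
        # compare_digest does not reveal how many leading bytes matched.
        if hmac.compare_digest(secret.encode(), presented.encode()):
            match = caller
    return match


def authorize(payload: dict, now: Optional[datetime] = None) -> dict:
    """Turn the header value forwarded by the gateway into allow or deny."""
    now = now or datetime.now(timezone.utc)
    token = payload.get("token")
    caller = _lookup(token) if isinstance(token, str) and token else None
    if caller is None:
        # Deny by default: missing, malformed and unknown values all end here.
        return {"active": False,
                "wwwAuthenticate": 'Bearer realm="example.invalid"'}
    return {
        "active": True,
        "principal": caller["principal"],
        # Steps 2 and 3: the permitted operations, returned as access scopes.
        "scope": list(caller["scope"]),
        # Expiry time of this authorization decision.
        "expiresAt": (now + timedelta(minutes=5)).isoformat(),
        # Optional key-value pairs for use by the API deployment.
        "context": {"caller": caller["principal"]},
    }
```
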
NEW QUESTION 34
A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a Docker image from a private repository. Which configuration is necessary to provide access to this repository from OKE?
- A. Add a generic secret on the cluster containing your identity credentials. Then specify a registrycredentials property in the deployment manifest.
- B. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the image pull secret property in the application deployment manifest.
- C. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment.
- D. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagepullsecret property in the application deployment manifest.
Answer: B
Explanation:
Pulling Images from Registry during Deployment
During the deployment of an application to a Kubernetes cluster, you'll typically want one or more images to be pulled from a Docker registry. In the application's manifest file you specify the images to pull, the registry to pull them from, and the credentials to use when pulling the images. The manifest file is commonly also referred to as a pod spec, or as a deployment.yaml file (although other filenames are allowed).
If you want the application to pull images that reside in Oracle Cloud Infrastructure Registry, you have to perform two steps:
- You have to use kubectl to create a Docker registry secret. The secret contains the Oracle Cloud Infrastructure credentials to use when pulling the image. When creating secrets, Oracle strongly recommends you use the latest version of kubectl.
To create a Docker registry secret:
1- If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up.
2- In a terminal window, enter:
$ kubectl create secret docker-registry <secret-name> --docker-server=<region-key>.ocir.io --docker-username='<tenancy-namespace>/<oci-username>' --docker-password='<oci-auth-token>' --docker-email='<email-address>'
where:
<secret-name> is a name of your choice, that you will use in the manifest file to refer to the secret. For example, ocirsecret.
<region-key> is the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad. See Availability by Region.
ocir.io is the Oracle Cloud Infrastructure Registry name.
<tenancy-namespace> is the auto-generated Object Storage namespace string of the tenancy containing the repository from which the application is to pull the image (as shown on the Tenancy Information page). For example, the namespace of the acme-dev tenancy might be ansh81vru1zp. Note that for some older tenancies, the namespace string might be the same as the tenancy name in all lower-case letters (for example, acme-dev).
<oci-username> is the username to use when pulling the image. The username must have access to the tenancy specified by <tenancy-name>. For example, [email protected]. If your tenancy is federated with Oracle Identity Cloud Service, use the format oracleidentitycloudservice/<username>.
<oci-auth-token> is the auth token of the user specified by <oci-username>. For example, k]j64r{1sJSSF-;)K8
<email-address> is an email address. An email address is required, but it doesn't matter what you specify. For example, [email protected]
- You have to specify the image to pull from Oracle Cloud Infrastructure Registry, including the repository location and the Docker registry secret to use, in the application's manifest file.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypullingimagesfromocir.htm
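What the two steps above produce, as an added example (not Oracle's code): the Secret object that `kubectl create secret docker-registry` generates and the pod spec fragment that references it. The function names, the `app` container name and all sample values are hypothetical; the point for a defender is that the auth token is only base64-encoded inside the Secret, so anyone allowed to read Secrets in the namespace can recover it.

```python
import base64
import json


def build_pull_secret(name, region_key, username, auth_token, email):
    """Build the Secret equivalent to `kubectl create secret docker-registry`."""
    namespace, _, user = username.partition("/")
    if not namespace or not user:
        raise ValueError("username must be '<tenancy-namespace>/<oci-username>'")
    server = f"{region_key}.ocir.io"
    # Docker's config format also stores base64("user:password") under "auth".
    basic = base64.b64encode(f"{username}:{auth_token}".encode()).decode()
    config = {"auths": {server: {"username": username, "password": auth_token,
                                 "email": email, "auth": basic}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        # Encoded, not encrypted: protect it with RBAC on Secret reads.
        "data": {".dockerconfigjson":
                 base64.b64encode(json.dumps(config).encode()).decode()},
    }


def pod_spec(image, secret_name):
    """Pod spec fragment that pulls `image` using the named pull secret."""
    return {"containers": [{"name": "app", "image": image}],
            "imagePullSecrets": [{"name": secret_name}]}


def recover_token(secret, server):
    """Decode the Secret the way any reader with `get secrets` access could."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    return json.loads(raw)["auths"][server]["password"]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    s = build_pull_secret("ocirsecret", "iad", "ansh81vru1zp/jdoe",
                          "constructed-token", "jdoe@example.invalid")
    print(json.dumps(s, indent=2))
    print(json.dumps(pod_spec("iad.ocir.io/ansh81vru1zp/app:1.0", "ocirsecret")))
```
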
NEW QUESTION 35
You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach?
- A. All services log to a shared log file.
- B. Each service logs to its own log file.
- C. All services log to an external logging system.
- D. All services log to standard output only.
Answer: D
Explanation:
Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism; as such, most container engines are likewise designed to support some kind of logging. The easiest and most embraced logging method for containerized applications is to write to the standard output and standard error streams.
Kubernetes also provides cluster-based logging to record container activity into a central logging subsystem. The standard output and standard error output of each container in a Kubernetes cluster can be ingested using an agent like Fluentd running on each node into tools like Elasticsearch and viewed with Kibana. Finally, monitor the containers, pods, applications, services, and other components of your cluster, using tools such as Prometheus, Grafana, and Jaeger for monitoring, visibility, and tracing.

References:
https://dzone.com/articles/5-best-security-practices-for-kubernetes-and-oracle-kubernetes-engine
https://kubernetes.io/docs/concepts/cluster-administration/logging/
https://blogs.oracle.com/developers/5-best-practices-for-kubernetes-security
