[Feb 03, 2023] Get New 1z0-1084-22 Certification – Valid Exam Dumps Questions [Q10-Q27]

3 Feb, 2023 By admin 1z0-1084-22, Oracle 0 Comments

[Feb 03, 2023] Get New 1z0-1084-22 Certification – Valid Exam Dumps Questions [Q10-Q27]

Rate this post

[Feb 03, 2023] Get New 1z0-1084-22 Certification – Valid Exam Dumps Questions

100% Passing Guarantee – Brilliant 1z0-1084-22 Exam Questions PDF

Oracle 1z0-1084-22 Exam Syllabus Topics:

Topic	Details
Topic 1	Use OCI Logging service to enable, manage, and search logs Testing and Securing Cloud Native Applications
Topic 2	Explain cloud native testing and discuss measures for testing cloud native applications Develop Serverless Application with Oracle Functions
Topic 3	Create API gateways to process traffic from API clients and route it to back-end services Leveraging Serverless Technologies for Cloud Native Development
Topic 4	Build event-driven serverless applications using OCI event service Explain DevOps and discuss the role of container orchestration
Topic 5	Monitoring & Troubleshooting Cloud Native Applications Perform Tasks around Monitoring, Logging, and Tracing
Topic 6	Apply security measures to overcome challenges with cloud native development Explain docker and the concepts around its architecture and components
Topic 7	Create integration between systems using OCI streaming service Explain the microservices architecture and discuss the design methodology of microservices

NO.10 A programmer Is developing a Node is application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OC1) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (JAM)?

Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.

Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server.

Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

NO.11 As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which should you leverage to meet this requirement?

OCI Service Broker for Kubernetes

OCI Container Engine for Kubernetes

Open Service Broker API

Oracle Functions

NO.12 A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster Which rule can you use to prevent a container from running as root using PSP?

NoPrivilege

RunOnlyAsUser

MustRunAsNonRoot

forbiddenRoot

NO.13 A service you are deploying to Oracle infrastructure (OCI) Container En9ine for Kubernetes (OKE) uses a docker image from a private repository Which configuration is necessary to provide access to this repository from OKE?

Add a generic secret on the cluster containing your identity credentials. Then specify a registrycredentials property in the deployment manifest.

Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagepullsecret property in the application deployment manifest.

Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the image pull secret property in the application deployment manifest.

Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment.

Pulling Images from Registry during Deployment
During the deployment of an application to a Kubernetes cluster, you’ll typically want one or more images to be pulled from a Docker registry. In the application’s manifest file you specify the images to pull, the registry to pull them from, and the credentials to use when pulling the images. The manifest file is commonly also referred to as a pod spec, or as a deployment.yaml file (although other filenames are allowed).
If you want the application to pull images that reside in Oracle Cloud Infrastructure Registry, you have to perform two steps:
– You have to use kubectl to create a Docker registry secret. The secret contains the Oracle Cloud Infrastructure credentials to use when pulling the image. When creating secrets, Oracle strongly recommends you use the latest version of kubectl To create a Docker registry secret:
1- If you haven’t already done so, follow the steps to set up the cluster’s kubeconfig configuration file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up.
2- In a terminal window, enter:
$ kubectl create secret docker-registry <secret-name> –docker-server=<region-key>.ocir.io –docker-username='<tenancy-namespace>/<oci-username>’ –docker-password='<oci-auth-token>’ –docker-email='<email-address>’ where:
<secret-name> is a name of your choice, that you will use in the manifest file to refer to the secret . For example, ocirsecret
<region-key> is the key for the Oracle Cloud Infrastructure Registry region you’re using. For example, iad. See Availability by Region.
ocir.io is the Oracle Cloud Infrastructure Registry name.
<tenancy-namespace> is the auto-generated Object Storage namespace string of the tenancy containing the repository from which the application is to pull the image (as shown on the Tenancy Information page). For example, the namespace of the acme-dev tenancy might be ansh81vru1zp. Note that for some older tenancies, the namespace string might be the same as the tenancy name in all lower-case letters (for example, acme-dev).
<oci-username> is the username to use when pulling the image. The username must have access to the tenancy specified by <tenancy-name>. For example, [email protected] . If your tenancy is federated with Oracle Identity Cloud Service, use the format oracleidentitycloudservice/<username>
<oci-auth-token> is the auth token of the user specified by <oci-username>. For example, k]j64r{1sJSSF-;)K8
<email-address> is an email address. An email address is required, but it doesn’t matter what you specify. For example, [email protected]
– You have to specify the image to pull from Oracle Cloud Infrastructure Registry, including the repository location and the Docker registry secret to use, in the application’s manifest file.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypullingimagesfromocir.htm

NO.14 You are using Oracle Cloud Infrastructure (0CI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins.
How should you use the OCI Events service to do this without writing any code?

Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching “Resource Manager Stack – Update” condition, and select the notification topic for the corresponding action.

Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching “Resource Manager job – Create” condition, and select the notification topic for the corresponding action.

Create a rule in OCI Events service matching the “Resource Manager Stack – Update” condition. Then select “Action Type: Email” and provide the destination email address.

Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching “Resource Manager Job – Create” condition, and select the email configuration for the corresponding action.

NO.15 A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes with an OCI Autonomous Database. Their support team discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment.
What should they implement to mitigate this attack?

Network Security Lists

Network Security Groups

Network Security Firewall

Web Application Firewall

NO.16 You have a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option is not valid for o from a container in Kubernetes?

Enable Oracle REST Data Services for the required schemas and connect via HTTPS.

Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest.

Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime.

Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy serviceinstance and serviceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.

The Kubernetes documentation lays out the following use case for the Service Catalog API:
An application developer wants to use message queuing as part of their application running in a Kubernetes cluster. However, they do not want to deal with the overhead of setting such a service up and administering it themselves. Fortunately, there is a cloud provider that offers message queuing as a managed service through its service broker.
A cluster operator can setup Service Catalog and use it to communicate with the cloud provider’s service broker to provision an instance of the message queuing service and make it available to the application within the Kubernetes cluster. The application developer therefore does not need to be concerned with the implementation details or management of the message queue. The application can simply use it as a service.
The samples in the OCI Service Broker source code include a deployment YAML file that describes how to use an init container to take the values in the Autonomous Transaction Processing service binding and put them in environment variables or in a volume mount. After that, your application can use those values to connect to the database.
Once you’ve installed and registered the service broker, you’re ready to use the ATP service plan to provision an ATP instance. I’ll go into details below, but the overview of the process looks like so:
-Create a Kubernetes secret with a new admin and wallet password (in JSON format)
– Create a YAML configuration for the ATP Service Instance
– Deploy the Service Instance
– Create a YAML config for the ATP Service Binding
– Deploy the Service Binding to obtain which results in the creation of a new Kubernetes secret containing the wallet contents
– Create a Kubernetes secret for Microservice deployment use containing the admin password and the wallet password (in plain text format)
– Create a YAML config for the Microservice deployment which uses an initContainer to decode the wallet secrets (due to a bug which double encodes them) and mounts the wallet contents as a volume References:
https://blogs.oracle.com/developers/creating-an-atp-instance-with-the-oci-service-broker
https://blogs.oracle.com/cloud-infrastructure/integrating-oci-service-broker-with-autonomous-transaction-processing-in-the-real-world

NO.17 You created a pod called “nginx” and its state is set to Pending.
Which command can you run to see the reason why the “nginx” pod is in the pending state?

kubect2 logs pod nginx

kubect2 describe pod nginx

kubect2 get pod nginx

Through the Oracle Cloud Infrastructure Console

NO.18 You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage- Your function needs to read a JSON file object from an Object Storage bucket named “input-bucket” in compartment “qa-compartment”. Your corporate security standards mandate the use of Resource Principals for this use case.
Which two statements are needed to implement this use case?

Set up a policy with the following statement to grant read access to the bucket:
allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target .bucket .name=’ input-bucket *

Set up the following dynamic group for your function’s OCID: Name: read-file-dg Rule: resource . id = ‘ ocid1. f nf unc. ocl -phx. aaaaaaaakeaobctakezj z5i4uj j 7g25q7sx5mvr55pms6f 4da !

Set up a policy to grant all functions read access to the bucket:
allow all functions in compartment qa-compartment to read objects in target.bucket.name=’input-bucket’

Set up a policy to grant your user account read access to the bucket:
allow user XYZ to read objects in compartment qa-compartment where target .bucket, name-‘input-bucket’

No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy

NO.19 In the sample Kubernetes manifest file below, what annotations should you add to create a private load balancer In oracle Cloud infrastructure Container Engine for Kubermetes?

A)

B)

C)

D)

Option A

Option B

Option C

Option D

NO.20 Which one of the statements describes a service aggregator pattern?

It is implemented in each service separately and uses a streaming service

It involves implementing a separate service that makes multiple calls to other backend services

It uses a queue on both sides of the service communication

It involves sending events through a message broker

NO.21 Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?

date or x-date

(request-target)

content-type

host

NO.22 Given a service deployed on Oracle Cloud Infrastructure Container Engine far Kubernetes (OKE), which annotation should you add in the sample manifest file below to specify a 400 Mbps load balancer?

service.beta.kubernetes.io/oci-load-balancer-value: 400Mbps

service.beta.kubernetes.io/oci-load-balancer-size: 400Mbps

service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps

service, beta, kubernetes . io/oci-load-balancer-kind: 400Mbps

NO.23 Which two statements are true for service choreography?

Service choreographer is responsible for invoking other services.

Services involved in choreography communicate through messages/messaging systems.

Service choreography relies on a central coordinator.

Service choreography should not use events for communication.

Decision logic in service choreography is distributed.

NO.24 Which concepthe following steps reference Console instructionsCloud Infrastructure Resource Manager?

Job

Stack

Queue

Plan

https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm Following are brief descriptions of key concepts and the main components of Resource Manager.
CONFIGURATION
Information to codify your infrastructure. A Terraform configuration can be either a solution or a file that you write and upload.
JOB
Instructions to perform the actions defined in your configuration. Only one job at a time can run on a given stack; further, you can have only one set of Oracle Cloud Infrastructure resources on a given stack. To provision a different set of resources, you must create a separate stack and use a different configuration.
Resource Manager provides the following job types:
Plan: Parses your Terraform configuration and creates an execution plan for the associated stack. The execution plan lists the sequence of specific actions planned to provision your Oracle Cloud Infrastructure resources. The execution plan is handed off to the apply job, which then executes the instructions.
Apply. Applies the execution plan to the associated stack to create (or modify) your Oracle Cloud Infrastructure resources. Depending on the number and type of resources specified, a given apply job can take some time. You can check status while the job runs.
Destroy. Releases resources associated with a stack. Released resources are not deleted. For example, terminates a Compute instance controlled by a stack. The stack’s job history and state remain after running a destroy job. You can monitor the status and review the results of a destroy job by inspecting the stack’s log files.
Import State. Sets the provided Terraform state file as the current state of the stack. Use this job to migrate local Terraform environments to Resource Manager.
STACK
The collection of Oracle Cloud Infrastructure resources corresponding to a given Terraform configuration. Each stack resides in the compartment you specify, in a single region; however, resources on a given stack can be deployed across multiple regions. An OCID is assigned to each stack.
the following steps reference Console instructions
Create a Terraform configuration.
Create a stack.
Run a plan job, which produces an execution plan.
Review the execution plan.
If changes are needed in the execution plan, update the configuration and run a plan job again.
Run an apply job to provision resources.
Review state file and log files, as needed.
You can optionally reapply your configuration, with or without making changes, by running an apply job again.
Optionally, to release the resources running on a stack, run a destroy job.

NO.25 You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database passwords.
As a function developer, which approach should you follow to satisfy this security requirement?

Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.

Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.

Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.

All function configuration variables are automatically encrypted by Oracle Functions.

NO.26 You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach?

Each service logs to its own log file.

All services log to an external logging system.

All services log to standard output only.

All services log to a shared log file.

NO.27 You encounter an unexpected error when invoking the Oracle Function named “myfunction” in application “myapp”. Which can you use to get more information on the error?

fn –debug invoke myapp myfunction

DEBOG=1 fn invoke myapp myfunction

fn –verbose invoke myapp myfunction

Call Oracle support with your error message