Aug-2022 Pass Your 1z0-1084-22 Exam at the First Try with 100% Real Exam
Get Real Exam Questions for 1z0-1084-22 with New Questions
Oracle 1z0-1084-22 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION 13
Which two handle Oracle Functions authentication automatically?
- A. Oracle Cloud Infrastructure CLl
- B. cURL
- C. Oracle Cloud Infrastructure SDK
- D. Fn Project CLI
- E. Signed HTTP Request
Answer: A,D
Explanation:
If you use the Fn Project CLI or the Oracle Cloud Infrastructure CLI to invoke a function, authentication is handled for you. See Using the Fn Project CLI to Invoke Functions and Using the Oracle Cloud Infrastructure CLI to Invoke Functions.
If you use an Oracle Cloud Infrastructure SDK to invoke a function, you can use the SDK to handle authentication. See Using SDKs to Invoke Functions.
If you make a signed HTTP request to a function's invoke endpoint, you'll have to handle authentication yourself by including a signature and the OCID of the compartment to which the function belongs in the request header Fn Project CLI you can create an Fn Project CLI Context to Connect to Oracle Cloud Infrastructure and specify --provider oracle This option enables Oracle Functions to perform authentication and authorization using Oracle Cloud Infrastructure request signing, private keys, user groups, and policies that grant permissions to those user groups.
References:
https://blogs.oracle.com/developers/oracle-functions-invoking-functions-automatically-with-cloud-events
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsinvokingfunctions.htm
NEW QUESTION 14
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency.
Which statement is true with regards to service resiliency?
- A. Resiliency testing can be only done in a test environment.
- B. Resiliency is about avoiding failures.
- C. A goal of resiliency is not to bring a service to a functioning state after a failure.
- D. Resiliency is about recovering from failures without downtime or data loss.
Answer: D
Explanation:
Implement resilient applications:
Resiliency is the ability to (recover) from failures and continue to function. It isn't about avoiding failures but accepting the fact that failures will happen and responding to them in a way that avoids downtime or data loss. The goal of resiliency is to return the application to a fully functioning state after a failure.
References:
https://docs.microsoft.com/en-us/dotnet/architecture/microservices/implement-resilient-applications/
NEW QUESTION 15
You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application architecture has multiple OCI services, including Oracle Functions. You need to trigger these functions directly from other OCI services, without having to run custom code.
Which OCI service cannot trigger your functions directly?
- A. OCI Registry
- B. OCI API Gateway
- C. Oracle Integration
- D. OCI Events Service
Answer: A
Explanation:
Overview of Functions:
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs.
The serverless and elastic architecture of Oracle Functions means there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python, Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM).
You can invoke a function that you've deployed to Oracle Functions from:
- The Fn Project CLI.
- The Oracle Cloud Infrastructure SDKs.
- Signed HTTP requests to the function's invoke endpoint. Every function has an invoke endpoint.
- Other Oracle Cloud services (for example, triggered by an event in the Events service) or from external services.
so You can then deploy your code, call it directly or trigger it in response to events, and get billed only for the resources consumed during the execution.
Invoking Oracle Functions from Other Oracle Cloud Infrastructure Services:
You can invoke functions in Oracle Functions from other Oracle Cloud Infrastructure services. Typically, you'll want an event in another service to trigger a request to invoke a function defined in Oracle Functions.
This functionality is currently available in:
1. The Events service. For more information, see Overview of Events.
2.The Notifications service. For more information, see Notifications Overview. For a scenario, see Scenario A: Automatically Resize VMs.
3.The API Gateway service. For more information, see Adding a Function in Oracle Functions as an API Gateway Back End.
4.The Oracle Integration service, using the OCI Signature Version 1 security policy. For more information, see Configure Oracle Integration to Call Oracle Cloud Infrastructure Functions with the REST Adapter in Using the REST Adapter with Oracle Integration.
so OCI Registry services cannot trigger your functions directly
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsintegratingwithother.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm
https://blogs.oracle.com/cloud-infrastructure/announcing-notifications-triggers-for-serverless-functions
NEW QUESTION 16
Per CAP theorem, in which scenario do you NOT need to make any trade-off between the guarantees?
- A. when the system is running on-premise
- B. when there are no network partitions
- C. when you are using load balancers
- D. when the system is running in the cloud
Answer: B
Explanation:
(1) CAP THEOREM
"CONSISTENCY, AVAILABILITY and PARTITION TOLERANCE are the features that we want in our distributed system together" Of three properties of shared-data systems (Consistency, Availability and tolerance to network Partitions) only two can be achieved at any given moment in time.
(2) In a distributed system, you can have both Consistency and Availability, except when there is a Partition:
Relaxing the consistency requirements usually makes it easier to maintain availability, but the CAP theorem is not an excuse to give up strong consistency across the board. A well-designed system can balance both availability and consistency while tolerating partitions over a range of tradeoffs, where eventual consistency is just one possibility.
References:
https://blogs.oracle.com/maa/the-cap-theorem:-consistency-and-availability-except-when-partitioned
NEW QUESTION 17
You are deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and you want to implement request policies to control access Which is NOT available in OCI API Gateway?
- A. Enabling CORS (Cross-Origin Resource Sharing) support
- B. Limiting the number of requests sent to backend services
- C. Controlling access to OCI resources
- D. Providing authentication and authorization
Answer: C
Explanation:
Adding Request Policies and Response Policies to API Deployment Specifications:
You can control the behavior of an API deployment you create on an API gateway by adding request and response policies to the API deployment specification:
a request policy describes actions to be performed on an incoming request from a caller before it is sent to a back end a response policy describes actions to be performed on a response returned from a back end before it is sent to a caller You can use request policies to:
limit the number of requests sent to back-end services
enable CORS (Cross-Origin Resource Sharing) support
provide authentication and authorization
You can add request and response policies that apply globally to all routes in an API deployment specification, and also (in some cases) request and response policies that apply only to particular routes.
Note the following:
No response policies are currently available.
API Gateway request policies and response policies are different to IAM policies, which control access to Oracle Cloud Infrastructure resources.
You can add request and response policies to an API deployment specification by:
using the Console
editing a JSON file
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayaddingrequestpolicies.htm
NEW QUESTION 18
Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubect1 CLI?
- A. Tiller enabled on the OKE cluster
- B. A configured OCI API signing key pair
- C. Install and configure the OCI CLI
- D. An SSH key pair with the public key added to cluster worker nodes
- E. OCI Identity and Access Management Auth Token
Answer: B,C
Explanation:
Setting Up Local Access to Clusters
To set up a kubeconfig file to enable access to a cluster using a local installation of kubectl and the Kubernetes Dashboard:
Step 1: Generate an API signing key pair
Step 2: Upload the public key of the API signing key pair
Step 3: Install and configure the Oracle Cloud Infrastructure CLI
Step 4: Set up the kubeconfig file
Step 5: Verify that kubectl can access the cluster
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm
NEW QUESTION 19
You are developing a serverless application with Oracle Functions. You have created a function in compartment named prod. When you try to invoke your function you get the following error.
Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions.oc1.phx.aaaaaaaac... does not exist or Oracle Functions is not authorized to use it How can you resolve this error?
- A. Create a policy:
Allow service FaaS to use virtual-network-family in compartment prod - B. Create a policy:
Allow function-family to use virtual-network-family in compartment prod - C. Create a policy:
Allow any-user to manage function-family and virtual-network-family in compartment prod - D. Deleting the function and redeploying it will fix the problem
Answer: A
Explanation:
Troubleshooting Oracle Functions:
There are common issues related to Oracle Functions and how you can address them.
Invoking a function returns a FunctionInvokeSubnetNotAvailable message and a 502 error (due to a DHCP Options issue) When you invoke a function that you've deployed to Oracle Functions, you might see the following error message:
{"code":"FunctionInvokeSubnetNotAvailable","message":"dhcp options ocid1.dhcpoptions........ does not exist or Oracle Functions is not authorized to use it"} Fn: Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions........ does not exist or Oracle Functions is not authorized to use it If you see this error:
Double-check that a policy has been created to give Oracle Functions access to network resources.
Create Policies to Control Access to Network and Function-Related Resources:
Service Access to Network Resources
When Oracle Functions users create a function or application, they have to specify a VCN and a subnet in which to create them. To enable the Oracle Functions service to create the function or application in the specified VCN and subnet, you must create an identity policy to grant the Oracle Functions service access to the compartment to which the network resources belong.
To create a policy to give the Oracle Functions service access to network resources:
Log in to the Console as a tenancy administrator.
Create a new policy in the root compartment:
Open the navigation menu. Under Governance and Administration, go to Identity and click Policies.
Follow the instructions in To create a policy, and give the policy a name (for example, functions-service-network-access).
Specify a policy statement to give the Oracle Functions service access to the network resources in the compartment:
Allow service FaaS to use virtual-network-family in compartment <compartment-name> For example:
Allow service FaaS to use virtual-network-family in compartment acme-network Click Create.
Double-check that the set of DHCP Options in the VCN specified for the application still exists.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionstroubleshooting.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionscreatingpolicies.htm
NEW QUESTION 20
In a Linux environment, what is the default location of the configuration file that Oracle Cloud Infrastructure CLI uses for profile information? (Choose the best answer.)
- A. /usr/bin/oci/con
- B. /etc/.oci/con
- C. $HOME/.oci/con
- D. /usr/local/bin/con
Answer: C
Explanation:
Before using Oracle Functions, you must have an Oracle Cloud Infrastructure CLI configuration file that contains the credentials of the user account that you will be using to create and deploy functions. These user account credentials are referred to as a 'profile'.
By default, the Oracle Cloud Infrastructure CLI configuration file is located at ~/.oci/config. You might already have a configuration file as a result of installing the Oracle Cloud Infrastructure CLI. However, you don't need to have installed the Oracle Cloud Infrastructure CLI in order to use Oracle Functions.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsconfigureocicli.htm#:~:text=By%20default%2C%20the%20Oracle%20Cloud,file%20is%20located%20at%20~%2F.
https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliconfigure.htm
NEW QUESTION 21
You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach?
- A. All services log to an external logging system.
- B. All services log to a shared log file.
- C. Each service logs to its own log file.
- D. All services log to standard output only.
Answer: D
Explanation:
Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism; as such, most container engines are likewise designed to support some kind of logging. The easiest and most embraced logging method for containerized applications is to write to the standard output and standard error streams.
Kubernetes also provides cluster-based logging to record container activity into a central logging subsystem. The standard output and standard error output of each container in a Kubernetes cluster can be ingested using an agent like Fluentd running on each node into tools like Elasticsearch and viewed with Kibana. And finally, monitor containers, pods, applications, services, and other components of your cluster. One can use tools such as Prometheus, Grafana, Jaeger for monitoring, visibility, and tracing the cluster.
References:
https://dzone.com/articles/5-best-security-practices-for-kubernetes-and-oracle-kubernetes-engine
https://kubernetes.io/docs/concepts/cluster-administration/logging/
https://blogs.oracle.com/developers/5-best-practices-for-kubernetes-security
NEW QUESTION 22
Which is NOT a supported SDK on Oracle Cloud Infrastructure (OCI)?
- A. Python SDK
- B. Go SDK
- C. Ruby SDK
- D. .NET SDK
- E. Java SDK
Answer: D
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm
NEW QUESTION 23
You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform?
- A. Generate an auth token to complete the authentication via Docker CLI.
- B. Assign a tag via Docker CLI to the image.
- C. Assign an OCI defined tag via OCI CLI to the image.
- D. Generate an API signing key to complete the authentication via Docker CLI.
- E. Generate an OCI tag namespace in your repository.
Answer: A,B
Explanation:
Pushing Images Using the Docker CLI:
You use the Docker CLI to push images to Oracle Cloud Infrastructure Registry.
To push an image, you first use the docker tag command to create a copy of the local source image as a new image (the new image is actually just a reference to the existing source image). As a name for the new image, you specify the fully qualified path to the target location in Oracle Cloud Registry where you want to push the image, optionally including the name of a repository.
For example, assume you have a local image named acme-web-app:latest. Let's say you want to push this image to Oracle Cloud Infrastructure Registry with a name of acme-web-app:version2.0.test into a repository called project01 in the Ashburn region of the acme-dev tenancy. When you use the docker tag command, you'd name the new image with the fully qualified path to its destination, in the format <region-key>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>. So in this case, you'd name the new image iad.ocir.io/ansh81vru1zp/project01/acme-web-app:version2.0.test. Subsequently, when you use the docker push command, the image's name ensures it is pushed to the correct destination.
To push images to Oracle Cloud Infrastructure Registry using the Docker CLI:
If you already have an auth token, go to the next step. Otherwise:
On the Auth Tokens page, click Generate Token.
Enter a friendly description for the auth token. Avoid entering confidential information.
Click Generate Token. The new auth token is displayed.
Copy the auth token immediately to a secure location from where you can retrieve it later, because you won't see the auth token again in the Console.
Close the Generate Token dialog.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypushingimagesusingthedockercli.htm
NEW QUESTION 24
A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use In this scenario?
- A. Create an authorizer function using token-based authorization.
- B. Create an authorizer function using request header authorization.
- C. Create a cross account functions authorizer.
- D. Create an authorizer function using OCI Identity and Access Management based authentication
Answer: B
Explanation:
Using Authorizer Functions to Add Authentication and Authorization to API Deployments:
You can control access to APIs you deploy to API gateways using an 'authorizer function' (as described in this topic), or using JWTs (as described in Using JSON Web Tokens (JWTs) to Add Authentication and Authorization to API Deployments).
You can add authentication and authorization functionality to API gateways by writing an 'authorizer function' that:
1. Processes request attributes to verify the identity of a caller with an identity provider.
2.Determines the operations that the caller is allowed to perform.
3.Returns the operations the caller is allowed to perform as a list of 'access scopes' (an 'access scope' is an arbitrary string used to determine access).
Optionally returns a key-value pair for use by the API deployment. For example, as a context variable for use in an HTTP back end definition (see Adding Context Variables to Policies and HTTP Back End Definitions).
Create an authorizer function using request header authorization implemented using a custom scheme which accepts string parameters from the API caller.
Managing Input Parameters
In our case we will need to manage quite a few static parameters in our code. For example the URLs of the secrets service endpoints, the username and other constant parameterised data. We can manage these either at Application or Function level (an OCI Function is packaged in an Application which can contain multiple Functions). In this case I will create function level parameters. You can use the following command to create the parameters:
fn config function test idcs-assert idcsClientId aedc15531bc8xxxxxxxxxxbd8a193
References:
https://technology.amis.nl/2020/01/03/oracle-cloud-api-gateway-using-an-authorizer-function-for-client-secret-authorization-on-api-access/
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayusingauthorizerfunction.htm
https://www.ateam-oracle.com/how-to-implement-an-oci-api-gateway-authorization-fn-in-nodejs-that-accesses-oci-resources
NEW QUESTION 25
Given a service deployed on Oracle Cloud infrastructure Container Engine for Kubernetes (OKE), which annotation should you add in the sample manifest file to specify a 400 Mbps load balancer?
- A. service, beta, kubernetes. lo/oci-load-balancer-value: 4 00Mbps
- B. service . beta . kubernetes . lo/oci-load-balancer-size: 400Mbps
- C. service . beta. kubernetes . lo/oci-load-balancer-shape: 400Mbps
- D. service.beta, kubernetes. lo/oci-load-balancer-kind: 400Mbps
Answer: C
Explanation:
The shape of an Oracle Cloud Infrastructure load balancer specifies its maximum total bandwidth (that is, ingress plus egress). By default, load balancers are created with a shape of 100Mbps. Other shapes are available, including 400Mbps and 8000Mbps.
To specify an alternative shape for a load balancer, add the following annotation in the metadata section of the manifest file:
service.beta.kubernetes.io/oci-load-balancer-shape: <value>
where value is the bandwidth of the shape (for example, 100Mbps, 400Mbps, 8000Mbps).
For example:
apiVersion: v1
kind: Service
metadata:
name: my-nginx-svc
labels:
app: nginx
annotations:
service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: nginx
https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md
NEW QUESTION 26
In order to effectively test your cloud-native applications, you might utilize separate environments (development, testing, staging, production, etc.). Which Oracle Cloud Infrastructure (OC1) service can you use to create and manage your infrastructure?
- A. OCI Compute
- B. OCI API Gateway
- C. OCI Resource Manager
- D. OCI Container Engine for Kubernetes
Answer: C
Explanation:
Resource Manager is an Oracle Cloud Infrastructure service that allows you to automate the process of provisioning your Oracle Cloud Infrastructure resources. Using Terraform, Resource Manager helps you install, configure, and manage resources through the "infrastructure-as-code" model.
References:
https://docs.cloud.oracle.com/iaas/Content/ResourceManager/Concepts/resourcemanager.htm
NEW QUESTION 27
How can you find details of the tolerations field for the sample YAML file below?
- A. kubectl list pod.spec.tolerations
- B. kubectl explain pod.spec.tolerations
- C. kubectl get pod.spec.tolerations
- D. kubectl describe pod.spec tolerations
Answer: B
Explanation:
kubectl explain to List the fields for supported resources
explainkubectl explain [--recursive=false] [flags]Get documentation of various resources. For instance pods, nodes, services, etc.
References:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain
https://kubernetes.io/docs/reference/kubectl/cheatsheet/
NEW QUESTION 28
A programmer Is developing a Node is application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OC1) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (JAM)?
- A. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.
- B. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.
- C. Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server.
- D. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.
Answer: A
Explanation:
Set up an Oracle Cloud Infrastructure API Signing Key for Use with Oracle Functions:
Before using Oracle Functions, you have to set up an Oracle Cloud Infrastructure API signing key.
The instructions in this topic assume:
- you are using Linux
For more information and other options, see Required Keys and OCIDs.
The instructions below describe how to create a new ~/.oci directory, how to generate a new private key file and public key file in that ~/.oci directory, how to upload the public key to Oracle Cloud Infrastructure to create a new API signing key, and how to obtain a fingerprint for the public API key. Be aware that instructions and examples elsewhere in this documentation assume the ~/.oci directory exists and contains the private and public key files.
To set up an API signing key:
Log in to your development environment as a functions developer.
In a terminal window, confirm that the ~/.oci directory does not already exist. For example, by entering:
ls ~/.oci
Assuming the ~/.oci directory does not already exist, create it. For example, by entering:
mkdir ~/.oci
Generate a private key encrypted with a passphrase that you provide by entering:
$ openssl genrsa -out ~/.oci/<private-key-file-name>.pem -aes128 2048
where <private-key-file-name> is a name of your choice for the private key file (for example, john_api_key_private.pem).
For example:
$ openssl genrsa -out ~/.oci/john_api_key_private.pem -aes128 2048
Generating RSA private key, 2048 bit long modulus
....+++
....................................................................+++ e is 65537 (0x10001) Enter pass phrase for /Users/johndoe/.oci/john_api_key_private.pem:
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionssetupapikey.htm
NEW QUESTION 29
Which two statements are true for service choreography?
- A. Service choreography should not use events for communication.
- B. Service choreographer is responsible for invoking other services.
- C. Services involved in choreography communicate through messages/messaging systems.
- D. Service choreography relies on a central coordinator.
- E. Decision logic in service choreography is distributed.
Answer: C,E
Explanation:
Service Choreography
Service choreography is a global description of the participating services, which is defined by exchange of messages, rules of interaction and agreements between two or more endpoints. Choreography employs a decentralized approach for service composition. the decision logic is distributed, with no centralized point.
Choreography, in contrast, does not rely on a central coordinator. and all participants in the choreography need to be aware of the business process, operations to execute, messages to exchange, and the timing of message exchanges.
References:
https://stackoverflow.com/questions/4127241/orchestration-vs-choreography/33316988
NEW QUESTION 30
As a cloud-native developer, you have written a web service for your company. You have used Oracle Cloud Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, your security team has suggested that your web service should handle Distributed Denial-of-Service (DDoS) attack. You are time-constrained and you need to make sure that this is implemented as soon as possible.
What should you do in this scenario?
- A. Use OCI virtual cloud network (VCN) segregation to control DDoS.
- B. Use OCI API Gateway service and configure rate limiting.
- C. Use a third party service integration to implement a DDoS attack mitigation,
- D. Re-write your web service and implement rate limiting.
Answer: B
Explanation:
Having created an API gateway and deployed one or more APIs on it, you'll typically want to limit the rate at which front-end clients can make requests to back-end services. For example, to:
- maintain high availability and fair use of resources by protecting back ends from being overwhelmed by too many requests
- prevent denial-of-service attacks
- constrain costs of resource consumption
- restrict usage of APIs by your customers' users in order to monetize APIs You apply a rate limit globally to all routes in an API deployment specification.
If a request is denied because the rate limit has been exceeded, the response header specifies when the request can be retried.
You can add a rate-limiting request policy to an API deployment specification by:
using the Console
editing a JSON file
{
"requestPolicies": {
"rateLimiting": {
"rateKey": "CLIENT_IP",
"rateInRequestsPerSecond": 10
}
},
"routes": [
{
"path": "/hello",
"methods": ["GET"],
"backend": {
"type": "ORACLE_FUNCTIONS_BACKEND",
"functionId": "ocid1.fnfunc.oc1.phx.aaaaaaaaab______xmq"
}
}
]
}
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewaylimitingbackendaccess.htm
NEW QUESTION 31
Which pattern can help you minimize the probability of cascading failures in your system during partial loss of connectivity or a complete service failure?
- A. Circuit breaker pattern
- B. Compensating transaction pattern
- C. Anti-corruption layer pattern
- D. Retry pattern
Answer: A
Explanation:
A cascading failure is a failure that grows over time as a result of positive feedback. It can occur when a portion of an overall system fails, increasing the probability that other portions of the system fail.
the circuit breaker pattern prevents the service from performing an operation that is likely to fail. For example, a client service can use a circuit breaker to prevent further remote calls over the network when a downstream service is not functioning properly. This can also prevent the network from becoming congested by a sudden spike in failed retries by one service to another, and it can also prevent cascading failures. Self-healing circuit breakers check the downstream service at regular intervals and reset the circuit breaker when the downstream service starts functioning properly.
https://blogs.oracle.com/developers/getting-started-with-microservices-part-three
NEW QUESTION 32
You have two microservices, A and B running in production. Service A relies on APIs from service B.
You want to test changes to service A without deploying all of its dependencies, which includes service B.
Which approach should you take to test service A?
- A. Test using API mocks.
- B. Test the APIs in private environments.
- C. There is no need to explicitly test APIs.
- D. Test against production APIs.
Answer: A
Explanation:
Best Practices: API Mocking:
This is where mocking comes in: instead of developing code with actual external dependencies in place, a mock of those dependencies is created and used instead. Depending on your development needs this mock is made "intelligent" enough to allow you to make the calls you need and get similar results back as you would from the actual component, thus enabling development to move forward without being hindered by eventual unavailability of external systems you depend on The most common term for creating simulated components is mocking, but others are also used, and partly apply to different things; stubbing, simulation, and virtualization. The basic concept is the same - instead of using an actual software component (an API in our case) - a "replacement" version of that API is created and used instead. It behaves as the original API, but lacks many of the functional and non-functional characteristics of the original component. Which term is applicable depends on the degree to which the mock-up corresponds to the actual API:
Stubbing: mostly a placeholder without real functionality
Mocking: basic functionality required for a specific testing or development purpose Simulation: complete functionality for testing or development purposes Virtualization: imulation that is deployed into an operational, manageable and controllable environment
References:
https://docs.oracle.com/en/solutions/build-governance-app-oracle-paas/test-custom-apis.html
https://www.soapui.org/learn/mocking/what-is-api-mocking/
NEW QUESTION 33
As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which should you leverage to meet this requirement?
- A. Open Service Broker API
- B. OCI Service Broker for Kubernetes
- C. Oracle Functions
- D. OCI Container Engine for Kubernetes
Answer: B
Explanation:
Adding OCI Service Broker for Kubernetes to Clusters:
Service brokers offer a catalog of backing services to workloads running on cloud native platforms. The Open Service Broker API is a commonly-used standard for interactions between service brokers and platforms. The Open Service Broker API specification describes a simple set of API endpoints that platforms use to provision, gain access to, and manage service offerings. For more information about the Open Service Broker API, see resources available online including those at openservicebrokerapi.org.
OCI Service Broker for Kubernetes is an implementation of the Open Service Broker API. OCI Service Broker for Kubernetes is specifically for interacting with Oracle Cloud Infrastructure services from Kubernetes clusters. It includes three service broker adapters to bind to the following Oracle Cloud Infrastructure services:
-Object Storage
-Autonomous Transaction Processing
-Autonomous Data Warehouse
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengaddingservicebrokers.htm
NEW QUESTION 34
Given a service deployed on Oracle Cloud Infrastructure Container Engine far Kubernetes (OKE), which annotation should you add in the sample manifest file below to specify a 400 Mbps load balancer?
- A. service.beta.kubernetes.io/oci-load-balancer-size: 400Mbps
- B. service, beta, kubernetes . io/oci-load-balancer-kind: 400Mbps
- C. service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
- D. service.beta.kubernetes.io/oci-load-balancer-value: 400Mbps
Answer: C
Explanation:
Overview of Load Balancing:
SHAPE
A template that determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include 10Mbps, 100 Mbps, 400 Mbps, and 8000 Mbps.
oci-load-balancer-shape: A template that determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include 100Mbps, 400Mbps, and 8000Mbps. Cannot be modified after load balancer creation.
All annotations are prefixed with service.beta.kubernetes.io/. For example:
kind: Service
apiVersion: v1
metadata:
name: nginx-service
annotations:
service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid..."
service.beta.kubernetes.io/oci-load-balancer-subnet2: "ocid..."
spec:
...
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm
https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md
NEW QUESTION 35
......
Updated 1z0-1084-22 Certification Exam Sample Questions: https://www.test4cram.com/1z0-1084-22_real-exam-dumps.html
Get Unlimited Access to 1z0-1084-22 Certification Exam Cert Guide: https://drive.google.com/open?id=1q6ORJ8bK7xNZXPCqe0VXPRTSpZi4vFGf