Verified 1Z0-1084-25 Dumps Q&As - 1Z0-1084-25 Test Engine with Correct Answers [Q54-Q77] | TestBraindump

Verified 1Z0-1084-25 Dumps Q&As - 1Z0-1084-25 Test Engine with Correct Answers [Q54-Q77]

Share

Verified 1Z0-1084-25 Dumps Q&As - 1Z0-1084-25 Test Engine with Correct Answers

Pass Your 1Z0-1084-25 Dumps as PDF Updated on 2025 With 101 Questions

NEW QUESTION # 54
How are cloud native application versions deployed to an OKE cluster when using a blue/green deployment strategy?

  • A. Current applications are slowly replaced with new application versions.
  • B. New application versions are deployed in minor increments to a select group of people.
  • C. Both old and new application versions are deployed to production at the same time.

Answer: C

Explanation:
Blue/Green deployment strategy allows releasing a new version of an application using two identical environments where one of them is active at a given time. The current version of the application is provisioned on the active environment, whereas the new version gets deployed to the standby environment1. The traffic is shifted from the active to the standby environment by updating the ingress resource2. Therefore, both old and new application versions are deployed to production at the same time, but only one of them receives the traffic. Verified Reference: Announcing new deployment strategies for OCI DevOps Service, Blue-Green OKE Deployment


NEW QUESTION # 55
Your team has been tasked with debugging a Cloud Native application developed using the following Oracle Cloud Infrastructure (OCI) services: Object Storage, Events, Functions, API Gateway, and Autonomous Database. Which of these is NOT a valid option for troubleshooting issues in OCI? (Choose the best answer.)

  • A. Use OCI Service Connector Hub to configure a service connector to automatically send logs to the OCI Logging Analytics service.
  • B. Trace performance issues In the Application Performance Monitoring service by enabling Function traces.
  • C. View service metric information from the OCI Monitoring service.
  • D. Leverage OCI Cloud Guard to extract and visualize the debug logs generated by your application.
  • E. Configure the application to send logs to the OCI Logging service.

Answer: B

Explanation:
To troubleshoot issues in OCI, the option that is not valid is: Trace performance issues in the Application Performance Monitoring service by enabling Function traces. While the Application Performance Monitoring service in OCI allows you to monitor and trace the performance of your applications, it is specifically designed for monitoring OCI Functions (serverless functions) and does not directly apply to all types of applications. The other options mentioned, such as configuring logs in the OCI Logging service, leveraging OCI Cloud Guard for debug logs, viewing service metrics in the OCI Monitoring service, and using OCI Service Connector Hub for log forwarding, are valid options for troubleshooting and monitoring applications in OCI.


NEW QUESTION # 56
Which TWO are part of the Cloud Native Computing Foundation (CNCF) container runtime? (Choose two.)

  • A. getcd
  • B. containerd
  • C. runc
  • D. rkt-o

Answer: B,C

Explanation:
The two components that are part of the Cloud Native Computing Foundation (CNCF) container runtime are: containerd: containerd is an open-source container runtime that provides a runtime environment for containers, including managing container images, executing containers, and handling container lifecycle events. It is designed to be lightweight and extensible, providing the necessary functionality to run containers efficiently. runc: runc is a lightweight container runtime that serves as a reference implementation of the Open Container Initiative (OCI) runtime specification. It is responsible for launching and managing containers based on OCI specifications, including handling container isolation, namespaces, cgroups, and other low-level container operations. These two components, containerd and runc, are widely used in the container ecosystem and are part of the CNCF's efforts to promote and develop open-source technologies for cloud-native computing.


NEW QUESTION # 57
Which "Action Type" option is NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?

  • A. Notifications
  • B. Streaming
  • C. Functions
  • D. Email

Answer: D

Explanation:
An action is a response that you define for the rule to perform when the filter finds a matching event1. The action type specifies the service that you want to invoke by delivering the event message1. The following action types are available in OCI Events rule definition1:
Streaming: Send to a stream from Oracle Streaming Service.
Notifications: Send to an Oracle Notification Service topic.
Functions: Send to an Oracle Functions Service endpoint. Email is not a valid action type for OCI Events rule definition. To send an email as an action, you need to use the Notifications service and subscribe to a topic with an email protocol2.


NEW QUESTION # 58
As a Cloud Native developer, you have written a web service for your company. However, your security team has suggested that your web service should address Distributed Denial-of-Service (DDoS) attack. You are time-constrained and you need to ensure that this is implemented as soon as possible. What should you do in this scenario? (Choose the best answer.)

  • A. Re-write your web service and implement rate limiting.
  • B. Use a third party service integration to Implement DDoS attack mitigation.
  • C. Use the OCI API Gateway service and configure rate limiting.
  • D. Use the OCI Virtual Cloud Network (VCN) segregation to control DDoS.

Answer: C

Explanation:
The correct answer in this scenario is to use the OCI API Gateway service and configure rate limiting. Using the OCI API Gateway service and configuring rate limiting is an effective approach to address Distributed Denial-of-Service (DDoS) attacks. By implementing rate limiting, you can control the number of requests that can be made to your web service within a specific time frame. This helps to prevent overload and ensures that your service can handle legitimate traffic while mitigating the impact of DDoS attacks. By leveraging the OCI API Gateway service, you can easily configure rate limiting rules to restrict the number of requests per second or per minute. This allows you to set appropriate thresholds and safeguard your web service from being overwhelmed by excessive requests. The API Gateway acts as a protective layer, filtering out malicious traffic and ensuring the smooth operation of your service. While options like OCI Virtual Cloud Network (VCN) segregation and third-party service integrations may contribute to overall security, they do not specifically address DDoS attacks as efficiently as rate limiting. VCN segregation focuses more on network segmentation and isolation, while third-party service integration may introduce additional dependencies and complexities. Re-writing your web service and implementing rate limiting is a viable option, but it may not be feasible considering the time constraints mentioned. Leveraging the OCI API Gateway service provides a quicker and easier solution to implement DDoS attack mitigation through rate limiting.


NEW QUESTION # 59
Which TWO are characteristics of microservices? (Choose two.)

  • A. Microservices can be implemented in limited number of programming languages.
  • B. Microservices communicate over lightweight APIs.
  • C. All microservices share a data store.
  • D. Microservices are hard to test in isolation.
  • E. Microservices can be independently deployed.

Answer: B,E

Explanation:
The two characteristics of microservices are: Microservices can be independently deployed: One of the key principles of microservices architecture is the ability to independently deploy each microservice. This means that changes or updates to one microservice can be made and deployed without affecting other microservices. It allows for faster and more frequent deployments, enabling agile development and scalability. Microservices communicate over lightweight APIs: Microservices communicate with each other through lightweight APIs (Application Programming Interfaces). This enables loose coupling between microservices, as they can interact with each other using standard protocols like HTTP/REST or messaging systems like RabbitMQ or Kafka. Lightweight APIs facilitate flexibility and interoperability between microservices, making it easier to develop and maintain complex systems. The remaining statement, "All microservices share a data store," is not a characteristic of microservices. Microservices are designed to be autonomous and have their own data storage or database. Each microservice has its own data store, which promotes the principle of bounded contexts and avoids tight coupling between services. This allows for better scalability and independence of data management within each microservice.


NEW QUESTION # 60
When developing microservices, each one can be developed in the language of choice. Which term describes this type of development? (Choose the best answer.)

  • A. Polyglot
  • B. Agile
  • C. DevOps
  • D. Distributed

Answer: D

Explanation:
The term that describes developing microservices in different languages of choice is "Polyglot." In a polyglot architecture, each microservice is developed using the most appropriate programming language or technology stack for its specific requirements. This approach allows developers to leverage the strengths of different languages and frameworks, enabling them to use the most suitable tool for each microservice while still maintaining interoperability between services.


NEW QUESTION # 61
Your Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purpose. Which step should you take to obtain the log file?

  • A. SSH into the node using the public key.
  • B. It is impossible because OKE is a managed Kubernetes service.
  • C. Use the username opc and password to login.
  • D. SSH into the nodes using the private key.

Answer: D

Explanation:
To obtain a log file from one of the nodes in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster, you should SSH into the nodes using the private key. Here's the step-by-step process: Obtain the private key: The private key is required to authenticate and access the nodes in the OKE cluster. You should obtain the private key from your administrator or the appropriate key pair used to create the cluster. SSH into the node: Use a secure shell (SSH) client, such as OpenSSH, to connect to the desired node in the cluster. The SSH command typically includes the private key file path and the public IP address or hostname of the node. Example command: ssh -i <private_key_file> opc@<node_public_ip> Replace <private_key_file> with the path to the private key file and <node_public_ip> with the public IP address of the node you want to access. Navigate to the log file location: Once you have successfully connected to the node, navigate to the directory where the log file is located. The exact location and name of the log file may vary depending on the Kubernetes distribution and configuration. Copy or view the log file: You can either copy the log file from the node to your local machine using the scp command or view the contents directly on the node using tools like cat or less. By following these steps, you will be able to access the log file from the desired node in the OKE cluster for troubleshooting purposes.


NEW QUESTION # 62
Which of the following is NOT a criterion that is usually met by a microservice?

  • A. Tightly coupled
  • B. Organized around business capabilities.
  • C. Independently deployable
  • D. Highly maintainable

Answer: A

Explanation:
The correct answer is: "Tightly coupled." Tightly coupling is not a criterion that is usually met by a microservice. In fact, microservices are designed to be loosely coupled. Loosely coupling refers to reducing dependencies and minimizing the direct interactions between different components or services. Microservices promote independence and autonomy, allowing each service to operate independently without being tightly bound to other services. The other options listed are criteria that are typically met by microservices: Organized around business capabilities: Microservices architecture suggests designing services around specific business capabilities or functionalities. This allows for focused and specialized services that align with the organization's business needs. Independently deployable: Microservices are designed to be independently deployable units. Each microservice can be developed, tested, and deployed separately, without impacting other services. This enables agility and scalability in the deployment process. Highly maintainable: Microservices are often designed to be highly maintainable. They are smaller in scope and focused on specific tasks, making it easier to manage and maintain individual services. Additionally, microservices can be updated, patched, or replaced without affecting the entire system, facilitating easier maintenance and evolution of the application. Therefore, the criterion that is NOT typically met by a microservice is being tightly coupled.


NEW QUESTION # 63
In the shared responsibility model, who should perform patching, upgrading, and maintaining of the worker nodes in provisioned Oracle Container Engine for Kubernetes (OKE) clusters?

  • A. Oracle Support does it.
  • B. It is an automated process.
  • C. It is the responsibility of the customer.

Answer: C

Explanation:
In the shared responsibility model, Oracle is responsible for securing the underlying cloud infrastructure and platform services, while customers are responsible for securing their data and applications within the cloud4. For provisioned OKE clusters, Oracle manages the control plane (master nodes) of the Kubernetes cluster, while customers manage the data plane (worker nodes) of the cluster5. Therefore, it is the responsibility of the customer to perform patching, upgrading, and maintaining of the worker nodes in provisioned OKE clusters5. Customers can use tools such as Terraform or kubectl to automate these tasks5.


NEW QUESTION # 64
Your organization is developing serverless applications with Oracle Functions. Many functions will need to store state data in a database, which will require using appropriate credentials. However, your corporate security standards mandate encryption of secret information, such as database passwords. How would you address this security requirement?

  • A. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
  • B. Use OCI Console to enter the password in the function configuration section in the provided input field.
  • C. Encrypt the password using the OCI Vault service and then decrypt this password in your function code with the generated key.
  • D. Use the OCI Vault service to auto-encrypt the password and then set an application-level configuration variable to reference the auto-decrypted password inside your function container.

Answer: C

Explanation:
The best way to store and use secret information, such as database passwords, in Oracle Functions is to use the OCI Vault service. The OCI Vault service provides encryption and decryption capabilities for sensitive data. You can use the OCI Vault service to encrypt the password and store it as an application-level configuration variable. Then, you can use the generated key to decrypt the password in your function code when you need to access the database. Verified Reference: Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables


NEW QUESTION # 65
What is the maximum execution time of Oracle Functions?

  • A. 300 seconds
  • B. 120 seconds
  • C. 240 seconds
  • D. 60 seconds

Answer: A

Explanation:
The maximum execution time of Oracle Functions is 300 seconds, which is equivalent to 5 minutes. This means that a function running within Oracle Functions cannot exceed a runtime of 5 minutes. If a function requires longer execution times, alternative approaches such as invoking external services asynchronously or using long-running processes should be considered. It is important to design functions with this execution time limitation in mind to ensure optimal performance and efficiency within the Oracle Functions platform.


NEW QUESTION # 66
Which command is used to get a Docker image from Oracle Cloud Infrastructure Registry (OCIR) to the client machine?

  • A. docker pull <tenancy-namespace>/<region-key>.ocir.io/<repo-name>: <tag>
  • B. docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>: <tag>
  • C. docker fetch <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>
  • D. docker fetch <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag>

Answer: B

Explanation:
To pull a Docker image from OCI Registry to the client machine, you need to use the docker pull command with the following syntax1: docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag> where:
<region-key> is the key for the OCI Registry region you're using. For example, iad. See Availability by Region1.
ocir.io is the OCI Registry name.
<tenancy-namespace> is the auto-generated Object Storage namespace string of the tenancy that owns the repository from which you want to pull the image (as shown on the Tenancy Information page)1.
<repo-name> is the name of the repository that contains the image you want to pull.
<tag> is the tag of the image you want to pull.


NEW QUESTION # 67
Which TWO statements accurately describe an Oracle Functions application? (Choose two.)

  • A. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events, and OCI API Gateway services.
  • B. A Docker image containing all the functions that share the same configuration.
  • C. A small block of code invoked in response to an OCI Events service.
    A logical group of functions.
  • D. A common context to store configuration variables that are available to all functions in the application. A Docker image containing all the functions that share the same configuration.

Answer: C,D

Explanation:
The correct statements are: A common context to store configuration variables that are available to all functions in the application. A Docker image containing all the functions that share the same configuration. A logical group of functions. Explanation:: An Oracle Functions application provides a common context for functions within the application. It allows you to store configuration variables that are accessible by all the functions in the application. Functions within the same application can share the same Docker image, which contains the common configuration and dependencies. An Oracle Functions application serves as a logical group that organizes related functions. Functions within the same application can be managed collectively, and they can interact and share resources within the application context.


NEW QUESTION # 68
As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which of the following should you leverage to meet this requirement? (Choose the best answer.)

  • A. OCI Container Engine for Kubernetes
  • B. OCI Service Broker for Kubernetes
  • C. Open Service Broker API
  • D. Oracle Functions

Answer: B

Explanation:
To provision storage buckets as part of your Kubernetes deployment process for an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage, you should leverage the OCI Service Broker for Kubernetes. OCI Service Broker for Kubernetes enables you to provision and manage OCI resources, including Object Storage buckets, directly from Kubernetes. It provides a Kubernetes-native experience for managing OCI services, allowing you to define and manage OCI resources as part of your application deployment process. By using the OCI Service Broker for Kubernetes, you can define the required Object Storage buckets in your Kubernetes manifests, and the service broker will handle the provisioning and management of those buckets in OCI, ensuring that they are available for your application wherever it is running.


NEW QUESTION # 69
You have two microservices, A and B running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test service A?

  • A. Test using the current production version of service B.
  • B. This is not possible because service B is a dependency.
  • C. Test using a previous test version of service B.
  • D. Test using an API mock of service B.

Answer: D

Explanation:
The correct answer is: Test using an API mock of service B. To test service A without deploying all of its dependencies, including service B, you can use an API mock of service B. An API mock is a simulated version of the API that mimics the behavior of the actual service. By using an API mock, you can isolate the testing of service A and simulate the responses and behavior of service B's APIs. With an API mock, you can define the expected responses and behavior of service B's APIs, allowing you to test the integration between service A and the mocked version of service B. This approach enables you to verify the functionality of service A without relying on the availability or changes in the actual service B. By decoupling the dependencies and using an API mock, you can perform independent testing of service A, ensuring its functionality in isolation.


NEW QUESTION # 70
A developer using Oracle Cloud Infrastructure (OCI) API Gateway needs to authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string-based parameters from the API caller. Which approach should the developer use in this scenario?

  • A. Create a cross account functions authorizer.
  • B. Create an authorizer function using request header authorization.
  • C. Create an authorizer function using token-based authorization.
  • D. Create an authorizer function using OCI Identity and Access Management 91AM) based authentication.

Answer: C

Explanation:
In the given scenario, the developer should use the approach of creating an authorizer function using token-based authorization. Token-based authorization is a commonly used approach for authenticating API requests. It involves generating and issuing tokens to API callers, which they can then include in the requests they make to the API. The tokens serve as proof of authentication and are validated by the server to ensure the caller's identity and access rights. By creating an authorizer function using token-based authorization, the developer can implement a custom scheme that accepts string-based parameters from the API caller. This allows the developer to define their own authentication logic and validate the provided tokens according to their requirements. The authorizer function can be configured in the OCI API Gateway to be invoked before forwarding the request to the web application. It will perform the necessary token validation and authentication checks, allowing only authorized requests to access the protected resources of the web application.


NEW QUESTION # 71
Your team has chosen to use master encryption key (MEK) within an Oracle Cloud Infrastructure (OCI) Vault for encrypting Kubernetes secrets associated with your microservice deployments in OCI Container Engine for Kubernetes (OKE) clusters so that you can easily manage key rotation. Which of the following is NOT valid about rotating keys in the OCI Vault service?

  • A. Once rotated, older key versions can be used for encryption until they are deleted.
  • B. Both software and HSM-protected MEKS can be rotated.
  • C. Each key version is tracked internally with separate unique OCIDS.
  • D. When you rotate an MEK, a new key version is automatically generated.

Answer: A

Explanation:
The correct answer is: "Once rotated, older key versions can be used for encryption until they are deleted." The statement that is NOT valid about rotating keys in the OCI Vault service is: "Once rotated, older key versions can be used for encryption until they are deleted." In the OCI Vault service, when you rotate a master encryption key (MEK), a new key version is automatically generated. However, once a key is rotated and a new version is created, the older key versions are no longer usable for encryption. The purpose of key rotation is to ensure that the encryption keys are regularly updated and that older keys are no longer used to protect sensitive data. This enhances security by minimizing the impact of potential key compromises. The other statements mentioned are valid: Both software and hardware security module (HSM)-protected MEKs can be rotated. This provides flexibility in choosing the type of MEK and ensures that key rotation can be performed regardless of the encryption method used. Each key version is tracked internally with separate unique OCIDs (Oracle Cloud Identifiers). This allows for easy management and tracking of different key versions within the OCI Vault service. In summary, the statement that is NOT valid is the one suggesting that older key versions can still be used for encryption until they are deleted. Key rotation is designed to ensure the use of the latest key version and to retire older key versions to enhance security.


NEW QUESTION # 72
To enforce mutual TLS (mTLS) authentication for clients of your microservices, your team has chosen to leverage the Oracle Cloud Infrastructure (OCI) API Gateway service to create new API Deployments that will direct requests to your microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway?

  • A. Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name).
  • B. The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in that deployment.
  • C. Custom CA or custom CA bundles can be added to your gateway's trust store ONLY if they already exist in the OCI Certificates service.
  • D. Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless you have defined one or more particular values (such as a domain name).

Answer: A

Explanation:
The correct answer is: "Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)." The statement that is NOT valid regarding the mTLS options in OCI API Gateway is: "Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)." In OCI API Gateway, adding a custom certificate authority (CA) or custom CA bundle to the gateway's trust store is not optional. It is a necessary step when configuring mTLS authentication. The trust store in the gateway is used to validate the client certificates presented during mTLS authentication. The other options listed are valid regarding the mTLS options in OCI API Gateway: Once the mTLS request policy is enabled, all requests with valid certificates are routed to the backend unless specific values (such as a domain name) are defined. This means that only requests with valid client certificates will be allowed to access the backend microservices. The mTLS request policy can only be enabled at the API deployment specification level, and it applies globally to all routes in that deployment. This ensures consistent mTLS authentication across all routes and endpoints in the API deployment. Custom CA or custom CA bundles can be added to the gateway's trust store, but only if they already exist in the OCI Certificates service. This allows you to include trusted CAs or CA bundles to validate client certificates during mTLS authentication.


NEW QUESTION # 73
A Docker image consists of one or more layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. What permission is associated with these layers?

  • A. read mostly
  • B. movable
  • C. read only
  • D. write only
  • E. write once

Answer: C

Explanation:
The correct answer is: "read only." The layers of a Docker image are read-only. Once a layer is created, it cannot be modified. Each layer represents a Dockerfile instruction, and it is stacked on top of the previous layer, forming a stack of immutable layers. These layers are designed to be read-only to ensure consistency and integrity of the image. When a Docker image is built, each instruction in the Dockerfile creates a new layer. Each layer represents the changes made by that instruction relative to the previous layer. The layers are stacked on top of each other to form the complete image. This layer-based approach allows for efficient storage and distribution of Docker images. Because the layers are read-only, any changes or modifications to the image result in the creation of new layers rather than modifying the existing ones. This immutability ensures that each layer remains intact and preserves the integrity of the image. It also enables Docker's caching mechanism, where previously built layers can be reused if the corresponding instructions haven't changed, speeding up the image build process. The other options mentioned, such as "write only," "write once," "movable," and "read mostly," do not accurately describe the permission associated with Docker image layers. Docker image layers are specifically designed to be read-only.


NEW QUESTION # 74
Which term describes a group formed by a master machine and a worker machine in a Kubernetes architecture?

  • A. Cluster
  • B. Node
  • C. Container
  • D. Deployment
  • E. Pod

Answer: A

Explanation:
The term that describes a group formed by a master machine and a worker machine in a Kubernetes architecture is "Cluster". A cluster in Kubernetes consists of one or more master machines and multiple worker machines (also known as nodes). The master machine manages the overall control plane and orchestrates the deployment and management of containers on the worker nodes. The worker nodes are responsible for running the containers and executing the workloads. The cluster is the fundamental unit of organization and management in Kubernetes, providing the infrastructure and resources to run and manage containerized applications. It ensures high availability, scalability, and fault tolerance for the applications deployed within it.


NEW QUESTION # 75
You developed a microservices-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination for this application using the fewest steps possible?

  • A. Add these annotations to the kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl secret-key
  • B. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-security-list management-mode: "Frontend"
  • C. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret
  • D. Generate a self-signed certificate using Let's Encrypt. Use that certificate on OCI Load Balancer. Create the Kubernetes service using this load balancer.

Answer: C

Explanation:
The correct answer is: "Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: '443' service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret." To create a secure SSL termination for your microservices-based application running in an OCI Container Engine for Kubernetes (OKE) cluster, you can follow these steps: Create a self-signed certificate and its corresponding key: Generate a self-signed SSL certificate and its private key using a tool like OpenSSL. Create a Kubernetes secret: Create a Kubernetes secret using the certificate and key obtained in the previous step. This secret will securely store the certificate and key within the Kubernetes cluster. Add annotations to the Kubernetes service: Modify the Kubernetes service that exposes your application and add the following annotations to enable SSL termination: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: '443' (specify the SSL port as 443) annotations: service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret (specify the name of the Kubernetes secret containing the certificate and key) By following these steps, you can create a secure SSL termination for your application using a self-signed certificate and Kubernetes secret. The annotations added to the Kubernetes service ensure that the SSL port is configured correctly and the TLS secret is utilized for SSL termination when traffic reaches the load balancer. The other options provided are not the most suitable approaches for achieving secure SSL termination in an OCI Container Engine for Kubernetes (OKE) cluster: Adding annotations related to the OCI load balancer SSL secret key is not the correct approach for SSL termination in this scenario. Using Let's Encrypt to generate a self-signed certificate and configuring it on the OCI Load Balancer is not necessary when you can create and manage the SSL certificate within the Kubernetes cluster using a Kubernetes secret.


NEW QUESTION # 76
You are developing a polyglot serverless application using Oracle Functions. Which language cannot be used to write your function code?

  • A. Python
  • B. Go
  • C. PL/SQL
  • D. Node.js
  • E. Java

Answer: C

Explanation:
Oracle Functions does not currently support PL/SQL as a language for writing function code. PL/SQL is a procedural language used in Oracle Database for developing stored procedures, triggers, and other database-related code. However, Oracle Functions supports several other popular programming languages such as Go, Node.js, Python, and Java, allowing developers to choose the language that best suits their application requirements and their familiarity with the language. While PL/SQL is powerful for working with the Oracle Database, it is not an option for writing function code in the Oracle Functions serverless architecture.


NEW QUESTION # 77
......

Pass Oracle 1Z0-1084-25 Exam Info and Free Practice Test: https://www.testbraindump.com/1Z0-1084-25-exam-prep.html

Oracle 1Z0-1084-25 Real Exam Questions and Answers FREE: https://drive.google.com/open?id=1scYNiL0Q4I5RwrJGTS3ye0V4rUxlLtaZ