1z0-1084-25 Practice Exam Questions with Answers Oracle Cloud Infrastructure 2025 Developer Professional Certification

Explanation

The two true statements for serverless computing and serverless architectures are: Applications running on a FaaS (Functions as a Service) platform: Serverless architectures typically involve running code in the form of functions on a serverless platform. These functions are event-driven and executed in response to specific triggers or events. Serverless function execution is fully managed by a third party: In serverless computing, the cloud provider takes care of the infrastructure management and resource provisioning. The execution of serverless functions is handled automatically by the platform, relieving developers from the responsibility of managing servers or infrastructure. It's important to note that long running tasks are not typically suited for serverless architectures due to the event-driven nature of serverless functions. Also, while serverless functions may have state, it is recommended to avoid external storage dependencies and instead leverage stateless functions whenever possible. Additionally, scaling in serverless architectures is typically handled automatically by the platform, rather than being the responsibility of the application DevOps team.

Explanation

The correct answer is: "Tightly coupled." Tightly coupling is not a criterion that is usually met by a microservice. In fact, microservices are designed to be loosely coupled. Loosely coupling refers to reducing dependencies and minimizing the direct interactions between different components or services. Microservices promote independence and autonomy, allowing each service to operate independently without being tightly bound to other services. The other options listed are criteria that are typically met by microservices: Organized around business capabilities: Microservices architecture suggests designing services around specific business capabilities or functionalities. This allows for focused and specialized services that align with the organization's business needs. Independently deployable: Microservices are designed to be independently deployable units. Each microservice can be developed, tested, and deployed separately, without impacting other services. This enables agility and scalability in the deployment process. Highly maintainable: Microservices are often designed to be highly maintainable. They are smaller in scope and focused on specific tasks, making it easier to manage and maintain individual services. Additionally, microservices can be updated, patched, or replaced without affecting the entire system, facilitating easier maintenance and evolution of the application. Therefore, the criterion that is NOT typically met by a microservice is being tightly coupled.

Explanation

The correct answer is: Invoke from the Docker CLI. Explanation: Executing a function deployed in Oracle Functions is typically done using the following options: Invoke from the Fn Project CLI: The Fn Project CLI provides a command-line interface specifically designed for interacting with Oracle Functions. You can use commands like fn invoke to invoke a function. Trigger by an event in the Oracle Cloud Infrastructure (OCI) Events service: You can configure events in OCI to trigger your function based on various criteria, such as object storage events, resource state changes, or scheduled events. Invoke from the OCI CLI: The OCI CLI (Command Line Interface) allows you to interact with various services in Oracle Cloud Infrastructure, including Oracle Functions. You can use the fn invoke command to invoke a function. Send signed HTTP requests to the function's invoke endpoint: Oracle Functions provides an HTTP endpoint that can be used to invoke functions. You can send signed HTTP requests to this endpoint using tools or programming languages that support making HTTP requests. On the other hand, invoking a function deployed in Oracle Functions using the Docker CLI is not a valid option. The Docker CLI is primarily used for managing Docker containers and images, and it does not provide a direct mechanism for invoking functions in Oracle Functions.

Explanation

The correct answer is: Enable monitoring for all worker nodes in the cluster. Enabling monitoring for all worker nodes in the cluster is not required to collect and parse application logs using Oracle Cloud Infrastructure (OCI) Logging. Monitoring is a separate feature that allows you to collect metrics and monitor the health and performance of the worker nodes. To collect and parse application logs, you need to perform the following tasks: Set the OCI Logging option to Enabled for the cluster: This enables the OCI Logging service for the cluster. Create a dynamic group with a rule that includes all worker nodes in the cluster: This helps in targeting the logs generated by the worker nodes. Configure a custom log in OCI Logging with the appropriate agent configuration: This involves specifying the log source, log path, and log format to parse and collect the application logs. By completing these tasks, you can collect and parse the application logs generated by the applications running on the worker node compute instances in the OKE cluster.

Explanation

The option that will get you more information on the error when invoking Oracle Functions from your Cloud Shell session is: "DEBUG=1 fn invoke myapp myfunction". Setting the environment variable DEBUG=1 before invoking the function using the fn command allows you to enable debug mode, which provides more detailed information about the execution of the function. This can be useful for troubleshooting and understanding the root cause of the error. By using the command "DEBUG=1 fn invoke myapp myfunction", the function invocation will be executed with debug mode enabled, and additional debug information will be displayed in the console output. This information can include stack traces, detailed error messages, and other relevant details that can help identify and resolve the issue. Using the verbose option (--verbose) or debug option (--debug) with the fn command may also provide additional information, but the specific behavior may depend on the version and configuration of the fn CLI tool. While contacting Oracle support with the error message is always an option, enabling debug mode using the DEBUG=1 environment variable provides immediate access to more detailed information and can help in diagnosing and resolving the error more efficiently.

Explanation

The three technologies best suited for implementing a microservices-based application are: Service Mesh: A service mesh is a dedicated infrastructure layer that provides features like service discovery, load balancing, encryption, authentication, and observability for microservices. It helps in managing the communication and interactions between microservices in a scalable and secure manner. Kubernetes: Kubernetes is an open-source container orchestration platform that enables the deployment, scaling, and management of containerized applications. It provides features like automated scaling, service discovery, load balancing, and self-healing capabilities, which are essential for managing microservices in a distributed environment. Docker: Docker is a popular containerization platform that allows packaging applications and their dependencies into lightweight containers. It provides a consistent and portable environment for running microservices, enabling easy deployment and scalability. Docker also facilitates isolation and resource efficiency, making it an ideal choice for deploying microservices. While Big Data, Anomaly Detection, and Terraform are valuable technologies, they are not specifically focused on enabling the implementation of microservices-based applications.

Explanation

To address the requirement of extracting and transforming data from the Oracle Cloud Infrastructure (OCI) Streaming service and sending it to a third-party REST endpoint using the OCI Service Connector Hub, the best configuration option is: Configure a new service connector as follows: • Source: Streaming • Task: None • Target: Notifications By selecting the Streaming service as the source, you can capture the transactional data from the stream. Since there is a need to transform and send the data to a third-party REST endpoint, you don't need to specify any specific task in the connector. The target is set to Notifications, which allows you to send the transformed data to an endpoint outside of the OCI environment. Notifications can be configured to deliver the data to various supported destinations, including HTTP endpoints, email addresses, and more. This configuration enables you to automate the process of extracting data from the streaming service and sending it to the desired third-party REST endpoint, fulfilling the requirement of extracting, transforming, and forwarding the data.

Explanation

A valid concern that needs to be further investigated in this scenario is whether the OKE cluster has a secret with the credentials of the Oracle Cloud Infrastructure Registry (OCIR) repository and if that secret is being used in the Kubernetes deployment manifest. Here's why this concern is relevant: Access to the OCIR repository: In order for the OKE cluster to pull images from the OCIR repository, it needs proper authentication credentials. These credentials are typically provided in the form of a secret, which contains the necessary information to authenticate with the registry. Secret in the deployment manifest: The Kubernetes deployment manifest defines how the application containers should be deployed. It includes specifications such as the container image, resource requirements, and environment variables. To pull images from a private repository like OCIR, the deployment manifest needs to reference the appropriate secret that contains the registry credentials. If the images are not being pulled from the designated OCIR repository, it suggests that either the secret with the OCIR credentials is missing or it is not properly referenced in the deployment manifest. Further investigation should focus on verifying the presence and correctness of the secret, as well as confirming that it is correctly referenced in the deployment manifest for the application containers. By ensuring the presence of the secret and proper configuration in the deployment manifest, the OKE cluster will have the necessary credentials to access the OCIR repository and successfully deploy the application containers.

Explanation

The correct answer is: "Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)." The statement that is NOT valid regarding the mTLS options in OCI API Gateway is: "Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)." In OCI API Gateway, adding a custom certificate authority (CA) or custom CA bundle to the gateway's trust store is not optional. It is a necessary step when configuring mTLS authentication. The trust store in the gateway is used to validate the client certificates presented during mTLS authentication. The other options listed are valid regarding the mTLS options in OCI API Gateway: Once the mTLS request policy is enabled, all requests with valid certificates are routed to the backend unless specific values (such as a domain name) are defined. This means that only requests with valid client certificates will be allowed to access the backend microservices. The mTLS request policy can only be enabled at the API deployment specification level, and it applies globally to all routes in that deployment. This ensures consistent mTLS authentication across all routes and endpoints in the API deployment. Custom CA or custom CA bundles can be added to the gateway's trust store, but only if they already exist in the OCI Certificates service. This allows you to include trusted CAs or CA bundles to validate client certificates during mTLS authentication.

Explanation

The option that is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console is: "The number of retries made by the function before failing due to an error." When viewing the Application metrics in the OCI Console for Oracle Functions, you can typically see metrics related to the performance and usage of your functions. These metrics provide insights into how your functions are performing and being utilized. The following metrics are usually available: The number of requests to invoke a function that failed due to throttling: This metric indicates the number of requests that were not processed by the function due to reaching the configured concurrency limit or throttling settings. The length of time a function runs for: This metric represents the duration of each function invocation, measuring the time it takes for the function to complete its execution. The number of requests to invoke a function that failed with an error response: This metric counts the number of requests that encountered an error during the function invocation, resulting in a failed response. However, the number of retries made by the function before failing due to an error is not typically available as part of the Application metrics in the OCI Console. The retries made by the function are usually handled at the invoker level, and the specific details of retries may not be captured as part of the application-level metrics. It's important to note that the availability of metrics and their specific details may vary depending on the version and configuration of Oracle Functions and the monitoring setup. It is recommended to refer to the Oracle Functions documentation and consult the official documentation for accurate and up-to-date information on available metrics.

Explanation

The correct answer in this scenario is to use the OCI API Gateway service and configure rate limiting. Using the OCI API Gateway service and configuring rate limiting is an effective approach to address Distributed Denial-of-Service (DDoS) attacks. By implementing rate limiting, you can control the number of requests that can be made to your web service within a specific time frame. This helps to prevent overload and ensures that your service can handle legitimate traffic while mitigating the impact of DDoS attacks. By leveraging the OCI API Gateway service, you can easily configure rate limiting rules to restrict the number of requests per second or per minute. This allows you to set appropriate thresholds and safeguard your web service from being overwhelmed by excessive requests. The API Gateway acts as a protective layer, filtering out malicious traffic and ensuring the smooth operation of your service. While options like OCI Virtual Cloud Network (VCN) segregation and third-party service integrations may contribute to overall security, they do not specifically address DDoS attacks as efficiently as rate limiting. VCN segregation focuses more on network segmentation and isolation, while third-party service integration may introduce additional dependencies and complexities. Re-writing your web service and implementing rate limiting is a viable option, but it may not be feasible considering the time constraints mentioned. Leveraging the OCI API Gateway service provides a quicker and easier solution to implement DDoS attack mitigation through rate limiting.

Explanation

The necessary configuration to provide access to a private repository in OCI Registry (OCIR) from OCI Container Engine for Kubernetes (OKE) is to create a docker-registry secret for OCIR with an identity Auth Token on the cluster and specify the imagePullSecret property in the application deployment manifest. Here's the breakdown of the steps: Create a docker-registry secret for OCIR with an identity Auth Token: In order to authenticate with the private repository in OCIR, you need to create a secret in your OKE cluster that contains the necessary credentials. This can be done by generating an identity Auth Token from the OCI Console and creating a secret in the cluster using the kubectl command. Specify the imagePullSecret property in the application deployment manifest: In your application's deployment manifest (such as a Kubernetes Deployment or StatefulSet YAML file), you need to include the imagePullSecret property and specify the name of the secret you created in the previous step. This allows the OKE cluster to use the credentials from the secret to pull the docker image from the private repository in OCIR during deployment. By following these steps, you can ensure that your OKE cluster has the necessary access to the private repository in OCIR, and your application can successfully pull the required docker image during deployment.

OCI Streaming is a fully managed, scalable, and durable messaging solution for ingesting continuous, high-volume streams of data that you can consume and process in real-time1. Streaming is suitable for any use case in which data is produced and processed continually and sequentially in a publish-subscribe messaging model1. Streaming can handle millions of messages per second with low latency2. Therefore, OCI Streaming is the most appropriate choice for handling real-time data feeds from a fleet of vehicles. Verified References: Overview of Streaming, Container Engine for Kubernetes

The logconfig.json file is a configuration file that specifies how the Unified Monitoring Agent collects and uploads custom logs to the OCI Logging service2. The logconfig.json file contains an array of objects, each representing a custom log configuration2. Each custom log configuration object has the following fields2:

logGroupObjectId: The OCID of the log group where the custom log is stored.

logObjectId: The OCID of the custom log.

paths: An array of paths to files or directories containing the custom logs.

src: A regular expression that matches the files containing the custom logs.

parser: A parser definition that specifies how to parse the custom logs. If the logconfig.json file has incorrect or missing OCID for the custom log in the logobjectId field, or incorrect or missing OCID for the custom log group in the logGroupObjectId field, then the Unified Monitoring Agent will not be able to upload the custom logs to the OCI Logging service2. Therefore, these are potential reasons for logs from the Meshifyd application not showing up in the OCI Logging service. Verified References: Unified Monitoring Agent Configuration File

Explanation

The best answer is: "Use the OCI Logging service and enable VCN flow logs." To meet the requirement of analyzing network communication between two services deployed in different Container Engine for Kubernetes (OKE) clusters within the same Virtual Cloud Network (VCN) in a cost-effective way, you can use the OCI Logging service and enable VCN flow logs. The VCN flow logs feature in OCI allows you to capture and log network traffic information for your VCN resources. By enabling VCN flow logs, you can monitor and analyze the network communication between your services without the need for additional third-party logging services or tools. Enabling VCN flow logs provides visibility into the network traffic, including source and destination IP addresses, ports, protocols, and other relevant details. This information can be collected and stored in the OCI Logging service, where you can analyze and gain insights into the network communication patterns between your services. By leveraging the built-in capabilities of the OCI Logging service and enabling VCN flow logs, you can fulfill the security team's requirement for network communication analysis in a cost-effective manner. This eliminates the need for deploying additional third-party logging services or tools, reducing complexity and potential costs associated with their setup and maintenance. The other options mentioned are not the most cost-effective or suitable solutions for analyzing network communication in this scenario: Deploying a third-party logging service and aggregating the network flow logs would introduce additional costs and complexity, which may not be necessary considering the built-in capabilities provided by OCI. Rewriting the application to send logs to an outside log aggregator would not directly address the requirement of analyzing network communication between the services. It would focus more on application-level logs rather than network-level analysis. Deploying Wireshark and intercepting packets would require additional infrastructure setup and maintenance, which may not be the most cost-effective approach for network analysis in this scenario.

 Cloud native is the software approach of building, deploying, and managing modern applications in cloud computing environments3. Cloud native apps are designed and built to exploit the scale, elasticity, resiliency, and flexibility the cloud provides4. Cloud native technologies support fast and frequent changes to applications without impacting service delivery, providing adopters with an innovative, competitive advantage3. Therefore, cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure. Verified References: What is Cloud Native? - Everything you need to know, What is Cloud Native? | Microsoft Learn

A rolling update is a deployment strategy that gradually replaces the old version of an application with the new version without any downtime4. OKE supports rolling updates by using the kubectl rollout command4. A rolling update allows you to roll back to the previous version if something goes wrong with the new version4. Therefore, using a rolling update strategy with kubectl ensures that you can roll back to the previous version of your Python application if the new image does not work once deployed. Verified References: Deploy Oracle Container Engine for Kubernetes

Explanation

The correct options are: A configured OCI API signing key pair: The API signing key pair is used for authentication and authorization to access OCI resources, including the OKE cluster. The private key should be configured on your local machine to authenticate API requests. An SSH key pair with the public key added to the cluster worker nodes: This is required for secure SSH access to the worker nodes in the OKE cluster. You need to generate an SSH key pair and add the public key to the cluster's worker node pool during cluster creation or update. Therefore, the correct options are having a configured OCI API signing key pair and an SSH key pair with the public key added to the cluster worker nodes.

Explanation

The correct answer is: "A finely tuned piece of software that performs a single or small collection of tasks." Microservices are a software architectural approach where a system is decomposed into small, independent services that are responsible for performing a specific set of tasks. Each microservice is designed to be focused, finely tuned, and highly cohesive, handling a single or a small collection of related tasks. This granularity allows for better scalability, maintainability, and flexibility in building complex applications. The other options provided do not accurately define microservices: An open-source system for automating deployment, scaling, and management of containerized applications refers to a container orchestration tool like Kubernetes, which can be used to manage microservices but is not a definition of microservices itself. A statically typed and compiled language describes a type of programming language characteristic and is not specific to the concept of microservices. An organized collection of structured information or data, typically stored electronically in a computer system is a definition of a database or data storage system and is unrelated to microservices.

Explanation

The correct answer is: In blue/green deployment, both old and new applications are in production at the same time. In canary deployment, the application is deployed incrementally to a select group of people. In a blue/green deployment strategy, two identical environments, referred to as blue and green, are set up. The current production environment (blue) continues to serve live traffic while a new version of the application is deployed in the green environment. Once the new version is tested and deemed stable, traffic is routed from the blue environment to the green environment, making it the new production environment. This approach allows for a seamless switch between the old and new versions of the application. On the other hand, in a canary deployment strategy, the new version of the application is deployed incrementally to a small subset of users or a specific group. This allows for testing the new version in a real production environment while minimizing the impact of any potential issues. If the new version performs well and meets the desired criteria, it can be gradually rolled out to a larger audience or the entire user base. In summary, the main difference between blue/green and canary deployment strategies lies in how the deployment is managed. Blue/green involves simultaneous production of both old and new applications, while canary deployment focuses on incremental deployment to a select group of users.

Explanation

The option that allows changes to a Docker image to be stored in a version control system is: docker commit The docker commit command is used to create a new image from a container's changes. It takes a running container as input, captures the changes made to it, and creates a new image with those changes. This new image can then be tagged and pushed to a registry, or saved locally. By using docker commit, you can effectively capture the changes made to a container as a new image and store it in a version control system along with the Dockerfile and other project files. This allows for reproducibility and traceability of changes to the Docker image over time.

Explanation

The two correct differences between continuous delivery and continuous deployment in the DevOps lifecycle are: Continuous delivery is a process that initiates deployment manually, while continuous deployment is based on automating the deployment process. In continuous delivery, the software is ready for deployment, but the decision to deploy is made manually by a human. On the other hand, continuous deployment automates the deployment process, and once the software passes all the necessary tests and quality checks, it is automatically deployed without human intervention. Continuous delivery involves automatic deployment to a development environment, while continuous deployment involves automatic deployment to a production environment. In continuous delivery, the software is automatically deployed to a development or staging environment for further testing and validation. However, the actual deployment to the production environment is performed manually. In continuous deployment, the software is automatically deployed to the production environment, eliminating the need for manual intervention in the deployment process. These differences highlight the level of automation and human involvement in the deployment process between continuous delivery and continuous deployment approaches in the DevOps lifecycle.

Explanation

Oracle Functions does not currently support PL/SQL as a language for writing function code. PL/SQL is a procedural language used in Oracle Database for developing stored procedures, triggers, and other database-related code. However, Oracle Functions supports several other popular programming languages such as Go, Node.js, Python, and Java, allowing developers to choose the language that best suits their application requirements and their familiarity with the language. While PL/SQL is powerful for working with the Oracle Database, it is not an option for writing function code in the Oracle Functions serverless architecture.

Explanation

The three OCI services that can be leveraged to securely store and version your application's source code, and automate the building, testing, and deployment of applications to the OCI platform are: DevOps: OCI provides a comprehensive set of DevOps services, including Oracle Developer Cloud Service, which allows you to manage source code repositories, automate builds and testing, and streamline the deployment process. Container Engine for Kubernetes: OCI's Container Engine for Kubernetes (OKE) enables you to deploy and manage containerized applications using Kubernetes. It provides a scalable and reliable platform for automating the deployment of your applications. Oracle Cloud Infrastructure Registry: OCI Registry is a fully managed, private container registry that allows you to securely store and manage Docker images. It integrates with other OCI services, such as Container Engine for Kubernetes, to facilitate seamless deployment and orchestration of containerized applications. These services combined provide the necessary tools and infrastructure to support continuous integration and continuous deployment (CI/CD) workflows, enabling efficient and automated application development and deployment processes in the Oracle Cloud Infrastructure environment.

Explanation

The correct answers are: Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource.id = "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da" Set up a policy with the following statement to grant read access to the bucket: Statement: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name = 'input-bucket' Explanation: To implement the use case of reading a JSON file object from an Object Storage bucket using Resource Principals with Oracle Functions, you need to configure the following: Create a dynamic group named "read-file-dg" and associate it with your function's OCID. This dynamic group helps identify the function as a member of the group for policy enforcement. Create a policy that grants read access to the bucket. The policy statement should allow the dynamic group "read-file-dg" to read objects in the compartment "qa-compartment" and specify the target bucket name as "input-bucket". This policy ensures that the function has the necessary permissions to access the specified bucket. By setting up the dynamic group and policy, you ensure that the function, as a member of the dynamic group, has the required read access to the specified Object Storage bucket in the specified compartment.