You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which TWO actions would you need to perform? (Choose two.)
Correct Answer: B,D
To push a new image to the Oracle Cloud Infrastructure (OCI) Registry, you would need to perform the following two actions: Assign a tag via Docker CLI to the image: Before pushing the image, you need to assign a tag to it using the Docker CLI. The tag helps identify the image and associate it with a specific version or label. Generate an auth token to complete the authentication via Docker CLI: To authenticate and authorize the push operation, you need to generate an auth token. This token is used to authenticate your Docker CLI with the OCI Registry, allowing you to push the image securely. Note: Generating an API signing key, assigning an OCI defined tag via OCI CLI, and generating an OCI tag namespace are not required steps for pushing a new image to the OCI Registry.
Question 27
Which of the following step is NOT required for setting up the Container Engine for Kubernetes (OKE) cluster access using a local installation of kubectl?
Correct Answer: A
The step that is NOT required for setting up the Container Engine for Kubernetes (OKE) cluster access using a local installation of kubectl is to generate an Auth token from the OCI console. The authentication for accessing the OKE cluster using kubectl can be performed using the OCI CLI configuration, specifically the API signing key pair and the kubeconfig file. Here are the correct steps for setting up the OKE cluster access using a local installation of kubectl: Set up the kubeconfig file: The kubeconfig file contains the necessary information to authenticate and access the OKE cluster using kubectl. It includes details such as the cluster endpoint, authentication method, and credentials. Generate an API signing key pair (if you do not already have one) and upload the public key of the API signing key pair: The API signing key pair is used for authentication with the OCI services. The public key of the key pair needs to be uploaded to the OCI Console to associate it with your user account. Install and configure the Oracle Cloud Infrastructure (OCI) CLI: The OCI CLI provides a command-line interface to interact with the OCI services. It needs to be installed and configured with your OCI credentials, including the user's OCID, tenancy OCID, region, and the path to the API signing key pair. By completing these steps, you can configure kubectl to access and manage your OKE clusters from your local machine using the OCI CLI authentication configuration.
Question 28
Which statement about microservices is FALSE?
Correct Answer: B
The correct answer is: "Multiple microservices can run in one process." The statement that is FALSE about microservices is: "Multiple microservices can run in one process." Microservices are designed to be independent and autonomous services that can be deployed, scaled, and managed separately. Each microservice typically runs as its own separate process. This separation allows for loose coupling and independent scalability of individual services. Running multiple microservices in a single process would violate the fundamental principle of microservices architecture, which emphasizes the isolation and independence of services. Combining multiple microservices into a single process would tightly couple them, making it difficult to independently manage, scale, and update each service. The other statements provided are true about microservices: It is fairly common for microservices to communicate with HTTP: Microservices often communicate with each other using lightweight protocols like HTTP/REST. This allows for interoperability, flexibility, and ease of communication between microservices. Microservices are typically designed around business capabilities: Microservices architecture advocates designing services based on specific business capabilities or functionalities. Each microservice focuses on a specific business domain or task, enabling modular and scalable development. They are independently deployable: Microservices are designed to be independently deployable units. This means that each microservice can be developed, tested, deployed, and updated separately without affecting other services. This flexibility allows for faster development cycles and more efficient scalability.
Question 29
You developed a microservices-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination for this application using the fewest steps possible?
Correct Answer: A
The correct answer is: "Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: '443' service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret." To create a secure SSL termination for your microservices-based application running in an OCI Container Engine for Kubernetes (OKE) cluster, you can follow these steps: Create a self-signed certificate and its corresponding key: Generate a self-signed SSL certificate and its private key using a tool like OpenSSL. Create a Kubernetes secret: Create a Kubernetes secret using the certificate and key obtained in the previous step. This secret will securely store the certificate and key within the Kubernetes cluster. Add annotations to the Kubernetes service: Modify the Kubernetes service that exposes your application and add the following annotations to enable SSL termination: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: '443' (specify the SSL port as 443) annotations: service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret (specify the name of the Kubernetes secret containing the certificate and key) By following these steps, you can create a secure SSL termination for your application using a self-signed certificate and Kubernetes secret. The annotations added to the Kubernetes service ensure that the SSL port is configured correctly and the TLS secret is utilized for SSL termination when traffic reaches the load balancer. The other options provided are not the most suitable approaches for achieving secure SSL termination in an OCI Container Engine for Kubernetes (OKE) cluster: Adding annotations related to the OCI load balancer SSL secret key is not the correct approach for SSL termination in this scenario. Using Let's Encrypt to generate a self-signed certificate and configuring it on the OCI Load Balancer is not necessary when you can create and manage the SSL certificate within the Kubernetes cluster using a Kubernetes secret.
Question 30
Which is ONE of the differences between a microservice and a serverless function?
Correct Answer: A
The correct answer is: Microservices are used for long running operations while serverless functions are used for short running operations. One of the key differences between microservices and serverless functions is the duration of their execution. Microservices are typically designed to handle long-running operations and may continuously run and process requests as part of a larger system. They are often deployed and managed as long-lived services. On the other hand, serverless functions are designed to handle short-lived operations or tasks that execute in response to specific events or triggers. They are event-driven and execute only when invoked, providing a lightweight and ephemeral computing model. Serverless functions are often used for executing small, isolated pieces of code without the need for managing infrastructure or scaling concerns. While both microservices and serverless functions can be stateless or stateful depending on the specific implementation, the key distinction lies in the typical duration and execution pattern of these components within an application architecture.
