You have been asked to update an OKE cluster to a network configuration that has the least attack surface while the deployed applications are still directly available for access from the Internet. Which is a valid OKE cluster network configuration that meets this requirement? (Choose the best answer.)

• A.Private subnets for nodes, the Kubemetes API endpoint, and load balancers
• B.Private subnets for nodes; public subnets for the Kubemetes API endpoint and load balancers
• C.Private subnets for nodes and the Kubemetes API endpoint; public subnets for load balancers
• D.Private subnet for the Kubemetes API endpoint; public subnets for nodes and load balancers

Comment: *

Name: *

Email: *

Verification: *

Which is NOT a valid use case for leveraging the Oracle Cloud Infrastructure (OCI) Events service?

• A.Capturing the OCI Monitoring service alarms and invoking autoscaling of compute instances.
• B.Publishing a notification when long-lived tasks complete, such as an OCI Autonomous Database backup completion.
• C.Triggering a notification action when a function completes its execution.
• D.Triggering a function deployed in Oracle Functions when new files are uploaded to an OCI Object Storage bucket.
• E.Publishing all the OCI resource events in a specific compartment to the OCI Streaming service for later analysis.

Comment: *

Name: *

Email: *

Verification: *

Which is NOT a valid option to execute a function deployed in Oracle Functions?

• A.Invoke from the Docker CLI.
• B.Send signed HTTP requests to the function's invoke endpoint.
• C.Invoke from the Fn Project CLI.
• D.Trigger by an event in the Oracle Cloud Infrastructure (OCI) Events service.
• E.Invoke from the OCI CLI.

Comment: *

Name: *

Email: *

Verification: *

(CHK_4>2) You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?

• A.New secret versions automatically expire in 90 days unless you configure an expiry rule.
• B.You can manually create new secrets as well as new secret versions using the OCI Console:
• C.A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version.
• D.A secret reuse rule prevents the use of secret contents across different versions of a secret.

Comment: *

Name: *

Email: *

Verification: *

Which kubectl command syntax is valid for implementing a rolling update deployment strategy in Kubernetes? (Choose the best answer.)

• A.kubectl upgrade -c <container> --image=image:v2
• B.kubectl update <deployment-name> --image=image:v2
• C.kubectl rolling-update <deployment-name> --image=image:v2
• D.kubectl update -c <container> --iniage=image: v2

Comment: *

Name: *

Email: *

Verification: *