
Best Oracle 1z0-1084-23 Exam Practice Material Updated on Mar 20, 2024
New 1z0-1084-23 Actual Exam Dumps, Oracle Practice Test
NEW QUESTION # 14
You have a containerized application that requires access to an Autonomous Transaction Processing (ATP) Database. Which option is NOT valid when the container is deployed in an OKE cluster? (Choose the best answer.)
- A. Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy ServiceInstance and ServiceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.
- B. Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest.
- C. Enable Oracle REST Data Services for the required schemas and connect via HTTPS.
- D. Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime.
Answer: A
Explanation:
The option that is not valid for connecting to an Autonomous Transaction Processing (ATP) Database from a container in Kubernetes is: Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy ServiceInstance and ServiceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.
The Oracle Cloud Infrastructure Service Broker is not used for connecting to an ATP Database from a container in Kubernetes. The Service Broker is used for provisioning and managing cloud services directly from Kubernetes. It allows you to create and manage instances of OCI services using Kubernetes resources like ServiceInstance and ServiceBinding.
To connect to an ATP Database from a container in Kubernetes, you can use one of the following valid options:
* Enable Oracle REST Data Services for the required schemas and connect via HTTPS. This involves enabling and configuring Oracle REST Data Services (ORDS) for the schemas in the ATP Database. You can then connect to the ATP Database using RESTful endpoints provided by ORDS.
* Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime. This approach involves configuring the necessary environment variables on the container to provide the ATP instance OCID and OCI API credentials. The application can then use the OCI SDK or REST API (such as the CreateConnection endpoint) to establish a connection to the ATP Database.
* Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest. This method involves creating a Kubernetes secret that contains the necessary credentials from the ATP Database's instance wallet files. The secret can then be mounted as a volume in the application deployment, allowing the application to access the required credentials for connecting to the ATP Database.

Both options 1 and 3 provide valid approaches for connecting to an ATP Database from a container in Kubernetes, depending on the specific requirements and preferences of the application.
NEW QUESTION # 15
You need to push a new Docker container image to a repository in the Oracle Cloud Infrastructure (OCI) Registry. Which mechanism must you use to provide authentication?
- A. Generate an Auth Token to complete the authentication via the OCI CLI.
- B. Generate an API signing key to complete the authentication via the OCI CLI.
- C. Generate an Auth Token to complete the authentication via the Docker CLI.
- D. Generate an API signing key to complete the authentication via the Docker CLI.
Answer: C
Explanation:
To push a new Docker container image to a repository in OCI Registry, you need to use an Auth Token to complete the authentication via the Docker CLI [1]. An Auth Token is a secure, auto-generated password that you can use to authenticate with OCI services such as OCI Registry [1]. You can generate an Auth Token in the Console by following these steps [1]:
* In the top-right corner of the Console, open the Profile menu and then click User settings to view the details.
* On the Auth Tokens page, click Generate Token.
* Enter a friendly description for the auth token. Avoid entering confidential information.
* Click Generate Token. The new auth token is displayed.
* Copy the auth token immediately to a secure location from where you can retrieve it later, because you won't see the auth token again in the Console.
* Close the Generate Token dialog.

After generating an Auth Token, you need to log in to OCI Registry by entering docker login <region-key>.ocir.io in a terminal window on the client machine running Docker, where <region-key> corresponds to the key for the OCI Registry region you're using [1]. When prompted for a username, enter your username in the format <tenancy-namespace>/<username>, where <tenancy-namespace> is the auto-generated Object Storage namespace string of your tenancy [1]. When prompted for a password, enter the Auth Token you copied earlier [1].
NEW QUESTION # 16
Which statement best describes the term "cloud native"?
- A. Cloud native refers to the process of migrating applications from on-premises infrastructure to the cloud.
- B. Cloud native refers to the use of cloud infrastructure to run traditional on-premises applications.
- C. Cloud native refers to the use of cloud-based development tools to build traditional on-premises applications.
- D. Cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure.
Answer: D
Explanation:
Cloud native is the software approach of building, deploying, and managing modern applications in cloud computing environments [3]. Cloud native apps are designed and built to exploit the scale, elasticity, resiliency, and flexibility the cloud provides [4]. Cloud native technologies support fast and frequent changes to applications without impacting service delivery, providing adopters with an innovative, competitive advantage [3]. Therefore, cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure.
Verified References: What is Cloud Native? - Everything you need to know; What is Cloud Native? | Microsoft Learn
NEW QUESTION # 17
Which term describes a group formed by a master machine and a worker machine in a Kubernetes architecture?
- A. Pod
- B. Node
- C. Deployment
- D. Container
- E. Cluster
Answer: E
Explanation:
The term that describes a group formed by a master machine and a worker machine in a Kubernetes architecture is "Cluster". A cluster in Kubernetes consists of one or more master machines and multiple worker machines (also known as nodes). The master machine manages the overall control plane and orchestrates the deployment and management of containers on the worker nodes. The worker nodes are responsible for running the containers and executing the workloads. The cluster is the fundamental unit of organization and management in Kubernetes, providing the infrastructure and resources to run and manage containerized applications. It ensures high availability, scalability, and fault tolerance for the applications deployed within it.
NEW QUESTION # 18
As a Cloud Native developer, you develop two services in Node.js and deploy them to two different Container Engine for Kubernetes (OKE) clusters that use the same Virtual Cloud Network (VCN). Your security team wants to analyze the network communication between them. How can this requirement be met in the most cost-effective way?
- A. Rewrite the application and send the application logs to an outside log aggregator.
- B. Deploy a third-party logging service and aggregate the network flow logs.
- C. Deploy Wireshark and intercept the packets.
- D. Use the OCI Logging service and enable VCN flow logs.
Answer: D
Explanation:
The best answer is: "Use the OCI Logging service and enable VCN flow logs." To meet the requirement of analyzing network communication between two services deployed in different Container Engine for Kubernetes (OKE) clusters within the same Virtual Cloud Network (VCN) in a cost-effective way, you can use the OCI Logging service and enable VCN flow logs.
The VCN flow logs feature in OCI allows you to capture and log network traffic information for your VCN resources. By enabling VCN flow logs, you can monitor and analyze the network communication between your services without the need for additional third-party logging services or tools. Enabling VCN flow logs provides visibility into the network traffic, including source and destination IP addresses, ports, protocols, and other relevant details. This information can be collected and stored in the OCI Logging service, where you can analyze and gain insights into the network communication patterns between your services.
By leveraging the built-in capabilities of the OCI Logging service and enabling VCN flow logs, you can fulfill the security team's requirement for network communication analysis in a cost-effective manner. This eliminates the need for deploying additional third-party logging services or tools, reducing complexity and potential costs associated with their setup and maintenance.
The other options mentioned are not the most cost-effective or suitable solutions for analyzing network communication in this scenario:
* Deploying a third-party logging service and aggregating the network flow logs would introduce additional costs and complexity, which may not be necessary considering the built-in capabilities provided by OCI.
* Rewriting the application to send logs to an outside log aggregator would not directly address the requirement of analyzing network communication between the services. It would focus more on application-level logs rather than network-level analysis.
* Deploying Wireshark and intercepting packets would require additional infrastructure setup and maintenance, which may not be the most cost-effective approach for network analysis in this scenario.
NEW QUESTION # 19
Your team has chosen to use master encryption key (MEK) within an Oracle Cloud Infrastructure (OCI) Vault for encrypting Kubernetes secrets associated with your microservice deployments in OCI Container Engine for Kubernetes (OKE) clusters so that you can easily manage key rotation. Which of the following is NOT valid about rotating keys in the OCI Vault service?
- A. Both software and HSM-protected MEKs can be rotated.
- B. When you rotate an MEK, a new key version is automatically generated.
- C. Once rotated, older key versions can be used for encryption until they are deleted.
- D. Each key version is tracked internally with separate unique OCIDs.
Answer: C
Explanation:
The correct answer is: "Once rotated, older key versions can be used for encryption until they are deleted." The statement that is NOT valid about rotating keys in the OCI Vault service is: "Once rotated, older key versions can be used for encryption until they are deleted."
In the OCI Vault service, when you rotate a master encryption key (MEK), a new key version is automatically generated. However, once a key is rotated and a new version is created, the older key versions are no longer usable for encryption. The purpose of key rotation is to ensure that the encryption keys are regularly updated and that older keys are no longer used to protect sensitive data. This enhances security by minimizing the impact of potential key compromises.
The other statements mentioned are valid:
* Both software and hardware security module (HSM)-protected MEKs can be rotated. This provides flexibility in choosing the type of MEK and ensures that key rotation can be performed regardless of the encryption method used.
* Each key version is tracked internally with separate unique OCIDs (Oracle Cloud Identifiers). This allows for easy management and tracking of different key versions within the OCI Vault service.

In summary, the statement that is NOT valid is the one suggesting that older key versions can still be used for encryption until they are deleted. Key rotation is designed to ensure the use of the latest key version and to retire older key versions to enhance security.
NEW QUESTION # 20
Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition? (Choose two.)
- A. Email
- B. Notifications
- C. Functions
- D. Slack
- E. Streaming
Answer: A,D
Explanation:
The two "Action Type" options that are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition are:
* Email (Correct)
* Slack (Correct)

The available "Action Type" options in OCI Events rule definition include Functions, Notifications, and Streaming. However, email and Slack are not directly supported as action types in OCI Events. Instead, you can use Notifications to send notifications to various notification channels, including email and Slack, through the OCI Notifications service.
NEW QUESTION # 21
Which is NOT a valid backend-type option available when configuring an Oracle Cloud Infrastructure (OCI) API Gateway Deployment?
- A. ORACLE_FUNCTIONS_BACKEND
- B. HTTP_BACKEND
- C. ORACLE STREAMS_BACKEND
Answer: C
Explanation:
When configuring an OCI API Gateway deployment, you need to specify the backend type for each route in your API deployment specification [3]. The backend type determines how the API gateway handles requests to that route and forwards them to the appropriate backend service [3]. The following backend types are valid options for an OCI API Gateway deployment [3]:
* HTTP_BACKEND: The API gateway forwards requests to an HTTP or HTTPS URL as the backend service.
* ORACLE_FUNCTIONS_BACKEND: The API gateway invokes an Oracle Functions function as the backend service.
* STOCK_RESPONSE_BACKEND: The API gateway returns a stock response without invoking any backend service.

ORACLE STREAMS_BACKEND is not a valid backend type for an OCI API Gateway deployment. Oracle Streams is a fully managed, scalable, and durable messaging service that you can use to ingest and consume large amounts of data in real-time [4]. However, Oracle Streams is not supported as a backend service for an OCI API Gateway deployment.
NEW QUESTION # 22
You are developing a distributed application and you need a call to a path to always return a specific JSON content. You deploy an OCI API Gateway with the below API deployment specification. What is the correct value for type?
```json
{
  "routes": [{
    "path": "/hello",
    "methods": ["GET"],
    "backend": {
      "type": "----------------",
      "status": 200,
      "headers": [{
        "name": "Content-Type",
        "value": "application/json"
      }],
      "body": "{\"myjson\": \"consistent response\"}"
    }
  }]
}
```
- A. STOCK_RESPONSE_BACKEND
- B. CONSTANT_BACKEND
- C. JSON_BACKEND
- D. HTTP_BACKEND
Answer: A
Explanation:
The correct value for the "type" field in the API deployment specification is "STOCK_RESPONSE_BACKEND". By setting the "type" to "STOCK_RESPONSE_BACKEND", you are indicating that the backend for the specified route should return a pre-defined response. This type of backend is commonly used when you want a specific response to be returned consistently, regardless of the actual backend service implementation. In this case, the API deployment specification is configured to have a single route with the path "/hello" and the method "GET". The backend section specifies the type as "STOCK_RESPONSE_BACKEND". Additionally, it defines the response status code as 200, sets the "Content-Type" header to "application/json", and provides the JSON content in the "body" field. Using this configuration, any request to the "/hello" path with the "GET" method will always receive a consistent JSON response with the content "{"myjson": "consistent response"}".
NEW QUESTION # 23
Your team has been tasked with debugging a Cloud Native application developed using the following Oracle Cloud Infrastructure (OCI) services: Object Storage, Events, Functions, API Gateway, and Autonomous Database. Which of these is NOT a valid option for troubleshooting issues in OCI? (Choose the best answer.)
- A. Trace performance issues in the Application Performance Monitoring service by enabling Function traces.
- B. View service metric information from the OCI Monitoring service.
- C. Configure the application to send logs to the OCI Logging service.
- D. Leverage OCI Cloud Guard to extract and visualize the debug logs generated by your application.
- E. Use OCI Service Connector Hub to configure a service connector to automatically send logs to the OCI Logging Analytics service.
Answer: A
Explanation:
To troubleshoot issues in OCI, the option that is not valid is: Trace performance issues in the Application Performance Monitoring service by enabling Function traces. While the Application Performance Monitoring service in OCI allows you to monitor and trace the performance of your applications, it is specifically designed for monitoring OCI Functions (serverless functions) and does not directly apply to all types of applications. The other options mentioned, such as configuring logs in the OCI Logging service, leveraging OCI Cloud Guard for debug logs, viewing service metrics in the OCI Monitoring service, and using OCI Service Connector Hub for log forwarding, are valid options for troubleshooting and monitoring applications in OCI.
NEW QUESTION # 24
Which option best defines microservices?
- A. A finely tuned piece of software that performs a single or small collection of tasks.
- B. An open-source system for automating deployment, scaling, and management of containerized applications.
- C. An organized collection of structured information or data, typically stored electronically in a computer system.
- D. A statically typed and compiled language.
Answer: A
Explanation:
The correct answer is: "A finely tuned piece of software that performs a single or small collection of tasks." Microservices are a software architectural approach where a system is decomposed into small, independent services that are responsible for performing a specific set of tasks. Each microservice is designed to be focused, finely tuned, and highly cohesive, handling a single or a small collection of related tasks. This granularity allows for better scalability, maintainability, and flexibility in building complex applications.
The other options provided do not accurately define microservices:
* An open-source system for automating deployment, scaling, and management of containerized applications refers to a container orchestration tool like Kubernetes, which can be used to manage microservices but is not a definition of microservices itself.
* A statically typed and compiled language describes a type of programming language characteristic and is not specific to the concept of microservices.
* An organized collection of structured information or data, typically stored electronically in a computer system is a definition of a database or data storage system and is unrelated to microservices.
NEW QUESTION # 25
Which open source engine is used by Oracle Cloud Infrastructure (OCI) to power Oracle Functions?
- A. Fn Project
- B. Kubeless
- C. Apache OpenWhisk
- D. Knative
Answer: A
Explanation:
Fn Project is the open source engine that is used by OCI to power Oracle Functions [1]. Fn Project is an open source, container native, serverless platform that can be run anywhere - any cloud or on-premises [1]. Fn Project is easy to use, extensible, and performant. You can download and install the open source distribution of Fn Project, develop and test a function locally, and then use the same tooling to deploy that function to Oracle Functions [1].
Verified Reference: Overview of Functions
NEW QUESTION # 26
You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?
- A. A secret reuse rule prevents the use of secret contents across different versions of a secret.
- B. New secret versions automatically expire in 90 days unless you configure an expiry rule.
- C. You can manually create new secrets as well as new secret versions using the OCI Console.
- D. A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version.
Answer: D
Explanation:
The correct answer is: "A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version." The statement that is NOT valid about managing secrets in the OCI Vault service is: "A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version."
In OCI Vault, a secret is identified by its OCID (Oracle Cloud Identifier), which is a unique identifier for each resource in Oracle Cloud Infrastructure. However, when a new secret version is created for an existing secret, the OCID remains the same for the secret itself, but a new OCID is generated for the secret version. This allows you to track and manage different versions of a secret while maintaining a consistent OCID for the secret itself.
The other statements mentioned are valid:
* You can manually create new secrets as well as new secret versions using the OCI Console. This means you have control over creating and managing secrets within the Vault service.
* A secret reuse rule prevents the use of secret contents across different versions of a secret. This ensures that each secret version maintains its own unique set of contents and avoids accidental reuse or sharing of secrets across versions.
* By default, new secret versions automatically expire in 90 days unless you configure an expiry rule. This helps enforce good security practices by automatically rotating secrets periodically, reducing the risk of unauthorized access in case of compromise.

Therefore, the statement that is NOT valid is the one regarding the uniqueness and consistency of the OCID when creating new secret versions.
NEW QUESTION # 27
Which of the following TWO statements are TRUE about deleting a Kubernetes cluster? (Choose two.)
- A. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateways, NAT Gateways, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically.
- B. If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted.
- C. Changing the auto-generated name of a worker node does not affect the deletion of the worker node when the cluster in which it is created is deleted.
- D. You cannot change the auto-generated names of the worker nodes in the format oke-c<part-of-cluster-OCID>-<part-of-node-pool-OCID>-<part-of-subnet-OCID>-<slot> within a Kubernetes cluster.
- E. Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateways, NAT Gateways, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically.
Answer: A,B
Explanation:
The correct statements about deleting a Kubernetes cluster are: If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted. Changing the name of a worker node does not affect its deletion when the cluster is deleted. The cluster deletion process does not consider the renamed worker nodes and will delete all worker nodes associated with the cluster. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateways, NAT Gateways, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically. These additional resources are not automatically deleted when the cluster is deleted. You need to manage the deletion of these resources separately, if desired. Therefore, the correct statements are that the renamed worker nodes are not deleted when the cluster is deleted, and other associated resources are not automatically deleted when the cluster is deleted.
NEW QUESTION # 28
Which testing strategy achieves high velocity of deployments and releases of cloud native applications? (Choose the best answer.)
- A. A/B testing
- B. Automated testing
- C. Penetration testing
- D. Integration testing
Answer: B
Explanation:
The testing strategy that achieves high velocity of deployments and releases of cloud native applications is "Automated testing." Automated testing involves the use of automated tools and frameworks to execute tests, validate functionality, and detect issues or bugs in an application. By automating the testing process, developers and DevOps teams can rapidly test and validate code changes, ensuring that new features and updates are functioning correctly before being deployed to production. This approach helps increase the speed and efficiency of the testing process, allowing for faster and more frequent deployments of cloud native applications.
NEW QUESTION # 29
Your team has created a serverless application deployed in Oracle Functions. It uses a Python function leveraging the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI compute instance that does not comply with your corporate security standards. Although there are three non-compliant OCI compute instances, when you invoke this function, none of the instances were stopped. With respect to this issue, which of the following is a valid troubleshooting strategy?
- A. Enable function tracing in the OCI console, and then go to the OCI Monitoring console to view the function stack trace.
- B. Ensure that the application is deployed within the same OCI compartment as the instance, because you cannot enable function execution data from the OCI console.
- C. Enable function logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot.
- D. Enable function remote debugging in the OCI console, and then use your favorite IDE to inspect the function running on Oracle Functions.
Answer: C
Explanation:
The valid troubleshooting strategy in this scenario is to enable function logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot. Enabling function logging allows you to capture and store logs generated by your function during its execution. By adding print statements or log statements in your function code, you can output relevant information and debug messages to the logs. This helps you understand the execution flow, identify any errors or issues, and gather more information about the function's behavior.
To troubleshoot the issue of the Python function not stopping the non-compliant OCI compute instances, you can follow these steps:
* Enable function logging in the OCI console: Enable logging for your function to ensure that logs are captured during its execution.
* Modify your function code: Add relevant print statements or log statements at key points in your code to output debug information or verify the execution flow. For example, you can print the instance details that are being evaluated for compliance.
* Invoke the function: Trigger the function execution either through an event or manually.
* View the logs: Access the function logs in the OCI console or retrieve them programmatically. Look for the expected print statements or log entries that indicate the status of each instance and the decisions made by the function.

By reviewing the logs, you can analyze the output and identify any issues or discrepancies. It can help you determine if the function is correctly evaluating the compliance criteria, retrieving the instance details, or making the necessary API calls to stop the instances. You may need to adjust your code logic or investigate further based on the information provided in the logs.
The other options are not suitable:
* Enabling function remote debugging is not a suitable strategy in this case because it is primarily used for inspecting and debugging the function code during development, rather than troubleshooting issues in a deployed function.
* Enabling function tracing can provide insights into the execution flow and performance of the function but may not directly address the issue of the instances not being stopped.
* Ensuring that the application is deployed within the same OCI compartment as the instance is not directly related to troubleshooting the issue with the non-compliant instances. It is a consideration for access and permissions but does not provide specific insights into the problem at hand.

Remember to refer to the Oracle Functions documentation and consult the official resources for detailed instructions and best practices on troubleshooting and monitoring Oracle Functions.
NEW QUESTION # 30
Which of these is NOT a valid authentication method for accessing an OCI API Gateway deployment?
- A. OAuth
- B. HTTP Basic
- C. API Key
- D. SAML Token
Answer: D
Explanation:
OCI API Gateway supports the following authentication methods for accessing an API deployment [3]:
* HTTP Basic: The client sends a username and password with each request. The credentials are validated against a user database in Oracle Identity Cloud Service (IDCS).
* API Key: The client sends an API key with each request. The API key is validated against a list of keys stored in IDCS or OCI Vault.
* OAuth: The client obtains an access token from an authorization server (such as IDCS) and sends it with each request. The access token is validated against the authorization server and optionally checked for required scopes.
* JWT Token: The client obtains a JSON Web Token (JWT) from an identity provider (such as IDCS or OCI IAM) and sends it with each request. The JWT is validated against the identity provider's public key and optionally checked for required claims.

SAML Token is not a valid authentication method for accessing an OCI API Gateway deployment. SAML is an XML-based standard for exchanging authentication and authorization data between different parties, such as a service provider and an identity provider [4]. SAML tokens are typically used for web browser single sign-on (SSO) scenarios, not for API access [4].
NEW QUESTION # 31
To enforce mutual TLS (mTLS) authentication for clients of your microservices, your team has chosen to leverage the Oracle Cloud Infrastructure (OCI) API Gateway service to create new API Deployments that will direct requests to your microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway?
- A. Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name).
- B. The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in that deployment.
- C. Custom CA or custom CA bundles can be added to your gateway's trust store ONLY if they already exist in the OCI Certificates service.
- D. Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless you have defined one or more particular values (such as a domain name).
Answer: A
Explanation:
The correct answer is: "Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)." The statement that is NOT valid regarding the mTLS options in OCI API Gateway is: "Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)."
In OCI API Gateway, adding a custom certificate authority (CA) or custom CA bundle to the gateway's trust store is not optional. It is a necessary step when configuring mTLS authentication. The trust store in the gateway is used to validate the client certificates presented during mTLS authentication.
The other options listed are valid regarding the mTLS options in OCI API Gateway:
* Once the mTLS request policy is enabled, all requests with valid certificates are routed to the backend unless specific values (such as a domain name) are defined. This means that only requests with valid client certificates will be allowed to access the backend microservices.
* The mTLS request policy can only be enabled at the API deployment specification level, and it applies globally to all routes in that deployment. This ensures consistent mTLS authentication across all routes and endpoints in the API deployment.
* Custom CA or custom CA bundles can be added to the gateway's trust store, but only if they already exist in the OCI Certificates service. This allows you to include trusted CAs or CA bundles to validate client certificates during mTLS authentication.
NEW QUESTION # 32
You have two microservices, A and B, running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which include service B. Which approach should you take to test service A?
- A. There is no need to explicitly test APIs.
- B. Test the APIs in private environments.
- C. Test using API mocks.
- D. Test against production APIs.
Answer: C
Explanation:
API mocking is a technique that simulates the behavior of real APIs without requiring the actual implementation or deployment of the dependent services [1]. API mocking allows you to test changes to service A without deploying all of its dependencies, such as service B, by creating mock responses for the APIs that service A relies on [1]. API mocking has several benefits, such as [1]:
* Faster testing: You can test your service A without waiting for service B to be ready or available, which reduces the testing time and feedback loop.
* Isolated testing: You can test your service A in isolation from service B, which eliminates the possibility of external factors affecting the test results or causing errors.
* Controlled testing: You can test your service A with different scenarios and edge cases by creating mock responses that mimic various situations, such as success, failure, timeout, etc.