Question 1

As a Cloud Native developer, you have written a web service for your company. However, your security team has suggested that your web service should address Distributed Denial-of-Service (DDoS) attack. You are time-constrained and you need to ensure that this is implemented as soon as possible. What should you do in this scenario? (Choose the best answer.)

Options :

A : Use a third party service integration to Implement DDoS attack mitigation

B : Re-write your web service and implement rate limiting

C : Use the OCI Virtual Cloud Network (VCN) segregation to control DDoS.

D : Use the OCI API Gateway service and configure rate limiting.

Answer: D

Question 2

Which of the following TWO statements are TRUE about deleting a Kubernetes cluster? (Choose two.)

Options :

A : Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNS, Internet Gateways, NAT Gateways, Route Tables, Security Lists,B.Load Balancers, and Block Volumes) are deleted automatically.

B : If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted

C : Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNS. Internet Gateways, NAT Gateways, Route Tables, Security Lists. Load Balancers, and Block Volumes) are deleted automatically.

D : Changing the auto-generated name of a worker node does not affect the deletion of the worker node when the cluster in which it is created is deleted.

E : You cannot change the autogenerated names of the worker nodes in the format oke-c< part-of clusterCCID >-< part-of-node-pool-OCID >-< part-of-subnet-OCID >-< slot > within a Kubernetes cluster.

Answer: B,C

Question 3

You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment". Your corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case? (Choose two.)

Options :

A : Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects in target.bucket.name= "input-bucket'

B : Set up a policy to grant your user account read access to the bucket: allow user XYZ to read objects in compartment qa-compartment where target.bucket.name= "input-bucket'

C : Set up the following dynamic group for your function-s OCID: Name: read-file-dg Rule: resource.id = "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5m vr55pms6f4da'

D : No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy.

E : Set up a policy with the following statement to grant read access to the bucket: allow dynamicgroup read-file-dg to read objects in compartment qa- compartment where target.bucket.name= 'input-bucket'

Answer: C,E

Question 4

Which "Action Type" option is NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?

Options :

A : Streaming

B : Email

C : Notifications

D : Functions

Answer: B

Question 5

You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIsto POST messages to a stream in the OCI Streaming service.Which statement is incorrect?

Options :

A : The request must include an authorization signing string including (but not limited to) x-content-sha256, content-type, and content-length headers.

B : The Content-Type header must be Set to application/j son

C : An HTTP 401 will be returned if the client-s clock is skewed more than 5 minutes from the server's.

D : The request does not require an Authorization header.

Answer: D