Oracle 1Z0-1084-23 Oracle Cloud Infrastructure 2023 Developer Professional Exam Exam Practice Test Questions

• Question 1

  (CHK_4>2) You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?

  • New secret versions automatically expire in 90 days unless you configure an expiry rule.
  • You can manually create new secrets as well as new secret versions using the OCI Console:
  • A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version.
  • A secret reuse rule prevents the use of secret contents across different versions of a secret.

  Show Answer Answer: C Next

• Question 2

  You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment". Your corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case? (Choose two.)

  • Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects in target.bucket.name= "input-bucket'
  • Set up a policy to grant your user account read access to the bucket: allow user XYZ to read objects in compartment qa-compartment where target.bucket.name= "input-bucket'
  • Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource.id= "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5m vr55pms6f4da'
  • No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy.
  • Set up a policy with the following statement to grant read access to the bucket: allow dynamic- group read-file-dg to read objects in compartment qa- compartment where target.bucket.name= 'input-bucket'

  Show Answer Answer: C, ,E Next

• Question 3

  A developer using Oracle Cloud Infrastructure (OCI) API Gateway needs to authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string-based parameters from the API caller. Which approach should the developer use in this scenario?

  • Create a cross account functions authorizer.
  • Create an authorizer function using OCI Identity and Access Management 91AM) based authentication.
  • Create an authorizer function using request header authorization.
  • Create an authorizer function using token-based authorization.

  Show Answer Answer: D Next

• Question 4

  Which TWO are characteristics of microservices? (Choose two.)

  • Microservices communicate over lightweight APIs.
  • Microservices can be implemented in limited number of programming languages.
  • All microservices share a data store.
  • Microservices are hard to test in isolation.
  • Microservices can be independently deployed.

  Show Answer Answer: A, ,E Next

• Question 5

  To enforce mutual TLS (mTLS) authentication for clients of your microservices, your team has chosen to leverage the Oracle Cloud Infrastructure (OCI) API Gateway service to create new API Deployments that will direct requests to your microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway?

  • Custom CA or custom CA bundles can be added to your gateway's trust store ONLY if they already exist in the OCI Certificates service.
  • Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name).
  • The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in that deployment.
  • Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless you have defined one or more particular values (such as a domain name).

  Show Answer Answer: B Next