A Docker image consists of one or more layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. What permission is associated with these layers?

1. A. read mostly
2. B. write only
3. C. movable
4. D. read only
5. E. write once

Correct Answer: D

You developed a microservices-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. It has multiple endpoints that need to be exposed to the public internet. What is the most cost-effective way to expose multiple application endpoints without adding unnecessary complexity to the application?

1. A. Use a NodePort service type in Kubernetes for each of your service endpoints using the node's public IP address to access the applications.
2. B. Create a separate load balancer instance for each service using the lowest 100 Mbps option.
3. C. Use a ClusterIP service type in Kubernetes for each of your service endpoints using a load balancer to expose the endpoints.
4. D. Deploy an Ingress Controller and use it to expose each endpoint with its own routing endpoint.

Correct Answer: D

To effectively test your cloud native applications for "unknown unknowns", you need to employ various testing and deployment strategies. Which strategy involves exposing new functionality or features to only a small set of users?

1. A. A/B Testing
2. B. Component Testing
3. C. Blue/Green Deployment
4. D. Canary Deployment

Correct Answer: D

Your organization has deployed their e-commerce application on Oracle Container Engine for Kubernetes (OKE) and they are using the Oracle Cloud Infrastructure Registry (OCIR) service as their Docker image repository. They have deployed the OKE cluster using the 'custom create' option, and their Virtual Cloud Network (VCN) has three public subnets with associated Route Tables, Security Lists, and Internet Gateway. However, their application containers are failing to deploy. On investigation, they discover that the images are not being pulled from the designated OCIR repository, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated?

1. A. Security List rule for TCP port 22 needs to be added to connect to the OCIR service.
2. B. VCN hosting the OKE cluster worker nodes needs to have a NAT gateway to access OCIR repositories.
3. C. Identity and Access Management (IAM) credentials need to be added for each user that deploys applications to the OKE cluster.
4. D. OKE cluster needs to have a secret with the credentials of their OCIR repository and use that secret in the Kubernetes deployment manifest.

Correct Answer: D

Your organization is developing serverless applications with Oracle Functions. Many functions will need to store state data in a database, which will require using appropriate credentials. However, your corporate security standards mandate encryption of secret information, such as database passwords. How would you address this security requirement?

1. A. Use OCI Console to enter the password in the function configuration section in the provided input field.
2. B. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
3. C. Use the OCI Vault service to auto-encrypt the password and then set an application- level configuration variable to reference the auto-decrypted password inside your function container.
4. D. Encrypt the password using the OCI Vault service and then decrypt this password in your function code with the generated key.

Correct Answer: D