DevOps Introduction

(Answ er a ll ques tions in t his sectio n)

(0/ 1) Points
1. What is the best definition of t he DevOps life cycle?
0 Only a development process that involves heightened collaboration, culture, and
communication

A staggered-release, agile process for software development

A rapid-release, multi-phased software development life cycle (SDLC) (*)

A process of software coding that involves multiple phases and releases

X Incorrect. Dev()ps is a set of practices that emphasizes collaborat i on and communication

between de\"elopment and operations teams to de 1 i ver software more efficient ly and
r e l iably. The De v()ps l ife cycle inrnh es a r a pid- r e l ease approach to software
de \·e lopment . with multipl e phases that include pl anning . deve l opment. t esting .
de ployment. and moni tar ing. The goa l of the DevOps 1ife cycl e is to ens ure that s oft11;are
i s de li \·ered quickly . with high qua l ity and rel i abi 1i ty . by breaking down s i l os between
t ea.ms and automa ting pr ocesses where\·er poss ibl e.

Page 1 of 61Next I [ summary f

DevOps Introduction
( Answe:r all que:stions in t his se:ction)

(1/ 1) Points
2. I n software development, various models and methodologies are used to manage the software
development process. DevOps is a relatively new methodology that has gained popularity in recent years due
to its ability t o streamline t he development and deployment process. With that in mind, DevOps is often
considered an extension of which traditional software development model or methodology?
0 Agile methodology (*)
Incremental and Iterative model

Waterfall model

Spiral model

y'(orrect. Agi l e methodol ogy is a traditional software devel opment r.todel that emphasizes
flex ib i 1 i t y, collaboration, and i terat i \·e de\·elopment. DevOps is often considered an
extension of Agile methodology because it shares many of t he s2me values and principles,
such as a focus on continuous imprm·ement . frequent feedback . and cross-functional
collaboration.

[ Previous I Page 2 of 6 ~ ["summary

DevOps Introduction
( An swer all q uestions in t his section)

(0/ 1) Points
3. Which of t hese is NOT a benefit of utilizing DevOps as a service on Oracle Cloud Infrastructure {OCI)?
0 Streamlined communication and collaboration between development and operations teams

Reduced infrastructure and maintenance expenses due to automated provisioning and resource
management

Delayed development progress and prolonged time-to-market for applications (*)

Enhanced securi ty and compliance measures for applications and infrastructure

XYou have chosen an incorrec t a nswer.

I Previous I Page 3 of 6 EJ I Sum mary ;

DevOps Introduction
(Answer all questions in t his section)

{0/1) Points
4. As a n aspiring software designer or cloud architect, you want to know more about DevOps as a Service.
Which o f the following options best defines DevOps as a service ?
0 It is a service that operates two separate pipelines concurrently to support multiple
development t e ams.

It is a CI/CD platfonn that enables developers to automate and streamline their software
delivery life cycle. ( * )

It is a service that provides tools and resources for various IT professionals to build and
manage cloud-based systems.

It is a service that primarily focuses on deploying and maintaining cloud infrastructure for
system administrators .

X l ncorrect. DevOps as a Serv i ce is a cloud-based serv i ce that prov i des a platform for
teams to automate and streaml ine their softwe.re delivery life c ycl e. It offers tools and
r e sources to support the entire Dev()ps process. from code deve lopment and testing t o
deployment and monitoring. De\'()ps as a Ser\'ice is typically based on a Continuous
Integration· Continuous Deployment (CI -·co) model. which enables developers to quickly
and e fficient ly deliver software updates to product ion em·ironments.

[ Previous ] Page 4 of 6 EJ FrwrvJ

DevOps Introduction
(Answer all quest ions in th is section)

(0/ 1) Points
5. A software development team has a pipeline set up for t heir applicat ion code, which automat ically builds
and tests the code on each commit. Once t he build and test stages are successful, t he team deploys the code
to a staging environment. However, the deployment to the production environment is done manually after
approval from t he team lead. Which DevOps practice does this scenario best represent?
0 continuous Testing

Continuous Delivery(*}

Continuous Monitoring

Continuous Development

X I ncorrect . Continuous Deli very is a DevOps practice i n wh ich the development team
ensures that the appli cation code is always ready for deployment to production by
2.utomating the build. test . and deployment processes. In t he scen2.rio. t he de\·e lopment
team has a l ready automated t he bui l d and test st21ges and deploys the code to a staging
endronment automatically_ Howerer. the deployment to the production endronment is done
m2.nually after approval from the te2m l ead. which is 2. common practice in Continuous
Delivery.

I Prev ious i Page 5 of 6 EJ I Summary I

DevOps Introduction
(Answer all questions in t his section )

(0/ 1) Points
6 . How do OCI DevOps Deployment Pipelines reduce risk and complexity of production applications?
0 By scaling builds with service-managed build runners

By reducing change-driven errors introduced by manual deployments {*}

By working with existing Git repositories and Cl systems

By eliminating down time of production applications

X l ncorrect. OCI (Oracle Cloud I nfrastructure) DevOps Deployment Pipelines enabl e teams
to automate the deployment process for their applications . reducing t he risk and
compl exity associated with manual deployments. By automating the deployment process.
De,·()ps Pi pe l i nes reduce the l ike l ihood of change- dr i ven errors and misconfi gurations
that can occur during manual deployments. which can lead to dmm time and other issues in
product ion 2.ppl icat ions.

I Previo us I Page 6of 61Summary I

Microservices and Containerization
( Answer all questions in this section)

(0/1) Points
1. As a DevOps Engineer working on containerizing an applicat ion on t he OCI platform, which of the following
two statements a re fa lse about OCI container instances?

rJ By default, the container can use only 50% of resources in the container instance. (*)

When selecting an image source for a container instance on the OCI platform, you can choose
from Oracle Cloud Infrastructure Registry (also known as Container Registry). In addition to
Oracle's registry, you can also use third-party registries to select an image source for your
container inst ance.

The amount of time the container instance waits for the OS to shut down before powering off is
managed internally. (*)

While configuring container instances, you can set the environmental variables used by the
container.

You can configure the number of resources that the container consumes in absolutes or
percentages.

X l ncorrect. By default. the container can use all resources i n the container i nstance.

Page 1 of 8 ~ I Summary I
Microservices and Containerization
( Answer all questio ns in this sectio n)

(0/ 1) Points
2 . You work as a DevOps engineer and a re responsible for managing the container images stored in your
team's Oracle Cloud Infrastructure Registry (OCIR) repository. One of your team me mbers accidentally
deletes an important container image from the repository. You need to recover t he image as soon as
possible. How long do you have to undelete the image from OCIR before it is permanently deleted?
0 72 hours
24 hours

48 hours(*)
96 hours

X l ncorrect . When you delete an image. it can take up to 48 hours for the de let ion to t ake
effect and for storage to actually be released.

~ Page 2 of 8 B ] Summary I

Microservices and Containerization

(An swer a ll q uestio ns in this section )

(0/ 1) Points
3. Consider the following structure:
< region- key > .ocir. io/ <tenancy- namespace>/ <repo- name>: <tag>
Which term best describes it ?
0 Region key

Registry identifier
Repository path
Image path (*)
X l ncorrect . <region-key>. oci r . i o -'<tenancy-namespace), '<repo-nane) : <tag) s i gnifies the
Image Path used for Pushing and Pulling images to and from Oracle C:oud Infrastructure
Registry

[ Previous I Page 3 of 8 B ] Summary I

Microservices and Containerization
( An swer all questions in t his section )

(0/1) Points
4. As a Cloud Engineer, you are asked to manage the OCI Container Registry, which hosts Docker container
images. You are directed to delete all the images within a tenancy region that have not been pulled for over
72 hours to avoid billing charges for the storage space they consume.
Which action should you perform to handle this requi rement?
0 Set up local image retention policies to delete Images automatically base d on selection criteria.

For ea ch old, unused image, select Delete Image from the Actions menu and confirm that you
want to delete the image.
Set up a global image retention policy to delete images aut omatically based on selection
criteria. (*)

Period ically delete old, unused images using Docker CLI.

Xl ncorrect . Since the requirement is to delete all images within a tenancy region tha t
have not been oull ed for over 72 hours. setting uo a globa l image r et ention oolicy is the
be s t ootion. This a llows for a systematic and automated aoproa.ch to de l eting old. unused
image s. based on sel ection criteria.

I Previous I Page 4 of 8 B I Summary ]

Microservices and Containerization

( Answ er a ll quest ions in t his section )

(0/1) Points
5. Suppose you have pushed a Docker image to your Container Registry repository in Oracle Cloud
I nfrastructure (OCI), and now you want to get that image onto your local machine so t hat you can run it
locally. Which command should you use to achieve this?
0 docker tag <region-key> .ocir. io/<tenancy-namespace>/<repo-name> :<tag>

docker pull <region-key> .ocir.io/ <tenancy-namespace>/<repo-name>: <tag> (*)

docker push <region-key> .ocir.io/<tenancy-namespace>/<repo-name>: <tag>
docker fetch <region-key> .ocir.io/<tenancy-namespace>/ <repo-name> : <tag>

Xl ncorrect. The docker pul 1 <reg i on-key) . ocir. i o/ <tenancy-namespace),1(repo-name) :

<tag) command pulls the s pecified image from the r egistry to the local machine. ~·here it
can be run using the docker run command.

I Previous I Page 5 of 8 B I Summary

Microservice s and Conta inerization

( An swer a ll q uest ions in t his section )

(0/1) Points
6 . Suppose you have created a Dockerfile for your application, and you want to convert it into a Docker
image to be able to run it on a container. Which command should you use to achieve t his?
0 d ocke r r un -t <i mage_name >: <ta g_n ame >

d ocke r conve r t - t <i ma a e_name >: <ta g_ name >

d oc ke r c r eat e - t <i mage_na!lle >:<tag_name >

d ocke r build - t <image _name>:<t aa _name >

(*}

Xlncorrect. The "docker build • command is used to build a n image from a Docker file. The•-
t • option is used to specify the name and optionally a tag for the image. So. by runn i ng the
command • docker build - t ( i mage_name>: <tag_name> . • in the same directory as your
Docker-fi le. you can create a Docker i mage with the specifi ed name and tag. The dot •. • at
the end of the command specifi es the build context . whi ch is the location of the files that
are used to bu il d the i mage.

[ Previous I Page 6 of 8 B j summary ]

Microservices and Containerization
( Answer all quest ions in t his section)

(1/1) Points
7. Suppose you are creating a, Docker image for your web application . You want to specify the base image to
be used as a starting point for your applicat ion's image. Which instruct ion in the Dockerfi le wou ld you use to
accomplish this?
0 FROM(*)

BASE

USING

ENTRYPOINT

._,,Correct. In a Dockerf il e. the FRml instruction is used to speci f y the base image to be
used for t he new image be ing buil t. I t i s t he f i rst instruct ion in a Dockerfil e and i s
followed by t he name of t he image t o be used.

[ Previo~ Page 7 of 8 Fl [ summary]

Microservices and Containerization

( Answer a ll q uestio ns in this sectio n )

(1/1) Points
8. A company is experiencing performance issues wit h its monolithic a rchitecture for an e-commerce
website. The software development team is considering implementing a new design approach to improve
performance and scalability. I n the context of software architecture, what is a microservice?
0 A style of design for enterprise systems based on a loosely coupled component architecture (*)
A software framework for automating user Interface testing

A small program that represents discrete logic that executes within a well-defined boundary on
dedicated hardware

A cloud-based service for testing and deploying m icrocode

¥'Correct. Amicr oserd ce i s a style of des igning enterori s e systems based on a loosely
couoled comoonent architecture . where smal 1 . indeoendent l y deoloyabl e comoonents work
together to orovide the overall functional i tr of the system.

Previou~ Page 8 o f 8 [sum mari.J

Managed Conta iner Orchestra tion

( A n "'iwer all q u e"'it ion"'i i n t hi s se ct i o n )

(0/1) Points
1. Which statement is t rue about virt ual nodes in a serverless Kubernetes model?
0 Virtual nodes use traditional nodes to run containers, which provides strong isolation through
virtualization.

Virtual nodes require manual configuration and management, which can add additional
operational overhead.

Specialized application use cases require virtual nodes instead of traditional nodes.

Virtual nodes eliminate operational overhead of traditional container hosts by shifting to a

serverless Kubernetes model that uses a fully managed virtual kubel~t and OCI container
instances. (*)

X I ncorrect . Virtual nodes use OCI Conta i ner I nstances to run containers . wh i ch prov i des
strong isolation through virtualization. This is a key feature of ,·irtual nodes and
distinguishes them from traditional container hosts.

Page 1 of 7 B I summary ~
Managed Container Orchestration
( Answer a ll questio ns in t his sect ion)

(0/ 1) Points
2 . As a DevOps engineer tasked with setting u p a new OKE cluster for your organization's Ku bernetes
applications, which of t he following statem ents is false regarding the preparation process?
0 Your tenancy must have sufficient quota on different types of resources .

Container Engine for Kubernetes cannot use existing network resources for the creation of a
new cluster. {*)

You must have access to an Oracle Cloud Infrastructure tenancy.

Container Engine for Kubernetes automatically creates and configures new network resources
for the new cluster.

Xlncorrect . When preparing for Container Engine for Kubernetes (OKE) , it is important to
note that you must hcs e access to an Oracl e Cloud Infrastructure tenancy. Additionally .
your tenancy must ha\·e sufficient Quota on different types of resources to support the
creation of a new clust er. Contrary to the statement , Container Engine for Kubernet es can
use existing network resources for the creation of a new cluster. Container Engine for
Kuberne tes automat ical 1r creates and configures new network resources for the new
cluster. but you can also choose to use existing resources if they meet the reQuirements
for the cluster.

[_Previous ' Page 2 of 7 Fl [ s ummary]

Managed Container Orchestration

( Answer all questions i n t his section )

(0/ 1) Points
3. As a DevOps engineer working on managing clusters on the OCI platform for y our organization, which
statement is fa lse about managing cluster add-o ns in OCI OKE Cluster?
When creating a new cluster, essential cluster add-ons cannot be disabled.

0 When enabling a cluster add-on, you can configure the add-on by specifying one or more
key/value pairs to pass as arguments to the cluster add-on.
You can opt in to, and out of, automatic updates by Oracle.

When you disable a cluster add-on using the console, the add-on is removed from the cluster.
(*)

XYou have chosen an incorrect answer.

[ irevious Page 3 of 7 R [ iummarvJ

Managed Container Orchestration

(Answer all questions in this section )

(Of 1) Points
4. As a DevOps Engineer working on a n OKE cluster, w hich file provides access details to OKE cluster?
Kube-proxy

Kubeconfig ( *)
0 Kubernetes

Kubectl

X I ncorrect. Kubeconfii:2: is a cor.fii:2:uration file used bv the Kubernetes command- I i ne tool.

kubectl to authent:cate and access a Kuber:1etes cluster. The Kubeconfig file contains
c luster detai 1s, such as the c l t.:ster name. sen er endpoint, and authentication
credent:als. It is used to configure access to a Kubernet es cluster and can be used to
s\\·i tch between mult:ple clusters as we ll.

I : > reviou~ Page 4 of 7 R ['summ ary ,

Managed Container Orchestration

( Answer all questions i n this section )

{1/ 1) Points
5. Which Kubernetes obj ect can be used to store t he Oracle Cloud Infrastructure credent ials needed to pu ll
an image from a private regist ry in OCI?
0 Secret(*)
Configmap

Service
Ingress

" Correct. A Secret inKubernetes is an object that contains a small amount of sensiti\·e
data, such as a password. a token, or a ker. In the context of Oracle Cloud Infrastructure,
a Secre t can be used t o s t ore the credent ials needed to access a pr i ·, ate registry in the
Oracle Cloud Infrastructure Registry.

I Previous
I
Page 5 of 7 Next I[ Sum ma ry ]
Managed Container Orchestration
(Answer a ll q uestions in t his sectio n)

(0/1) Points
6. As a Kubernetes administrator work ing on OKE, what is the incorrect statement about scaling OKE clusters
and node pools?
You can change the properties of existing worker nodes. (*)

You can enable autoscaling to automatically scale node pools and pods.

0 You can change the number of worker nodes in a node pool to scale the node pool up and
down.

You can change the number of node pools in a cluster to scale the cluster up and down.

Xl ncorrect. The properties of existing worker nodes i n a node pool cannot be changed.
Instead , you can create a new node pool with the de sired properties and move the work l oads
from the old node pool to t he new one. Thi s a ll ows you to scal e t he node pool up and down .
add or remove nodes. and conf i gure aut oscaling for node pool s and pods.

[ Previous I Page 6 of 7 B j Summary ]

Managed Container Orc hestration

(Answer all questions in t his sectio n)

(0/1) Points
7 . A DevOps engineer is asked to access an Oracle Cloud Infrastructure Container Engine for Kubernetes
(OKE) cluster to deploy new applications and manage existing ones. Which two statements are false?

~ To access the cluster using kubectl, you have to set up a Kubernetes configuration file for the
cluster. The kubeconfig file by default is named config and stored in the $HOME/.kube directory.

To access the cluster using kubectl , you have to set up a Kubemetes manifest file for the
cluster. The kubeconfig file by default is named config and stored in the $HOME/.manifest
directory. (*)
Generating an API signing key pair is a mandatory step while setting up cluster access using
local machine if the public key is not already uploaded in the console.

When a duster's Kubemetes API endpoint has a public IP address, you can access the cluster in
Cloud Shell by setting up a kubeconfig file.

The only available option when a clu ster's Kubernetes API endpoint has a public IP address is to
control the cluster locally using kubectl and the Kubernetes Dashboard. (*)

Xl ncorrect. You must configure a Kubernetes configuration file for the cluster in order
t o use kubect l to access the cluste r. The SHmlE . kube directory contains the config fi l e.
which by default has the name config. There are two ways for accessing a cluster with a
publi c IP endpoint for the Kubernetes API : one is through a cloud she ll. and the other is
through local access.

I Previous I Page 7 of 7 [ Summ ary I

OCI DevOps Project
(Answer all questions in t his section)

(0/1) Points
1. In your role as a DevOps project administrator, you are in the process of formulating Oracle Cloud
Infrastructure (OCI) Identity and Access Management (1AM) policies. These policies are intended for
integration within a DevOps Cl/CD pi peline, which will facilitate deployment to an Oracle Container Engine for
Kubernetes (OKE) environment.

Which specific OCI 1AM policy is sui table for this context?

0 Al low group t o mana g e d evop:!!1- family in co:npa r t r:ie n t

Allow group to manage all- re:!!lources in co:npartment

Al low dynamic- group to manage all- resources in compartment (*)

Allow dynamic- group t o manage de vops- family in compar t ment

XYou have chosen an incorrect answer.

Page 1 of 6 ~ I summary I
OCI DevOps Project
(Answ er a ll questio ns in this section)

(0/ 1) Points
2. I n the context of the OCI DevOps project service, consider a scenario where you are setting up
connection s to external repositories. You are prompted to choose t h e appropriate access token type for each
repository. Among the opt ions provided, which external repository would necessitate the use of an HTTP
access token instead of a personal access token (PAT)?
0 Gitla b Server

Gitlab Saas
Bitbucket Server(*)

GitHub Enterprise Cloud

XYou have chosen an inco rrect answer.

Previou~ Page 2 of 6 Nex~ (iummary]

OCI DevOps Project

(Ans wer all q uestions in t his section)

(0/ 1) Points
3 . Which statement is true ab out working with DevOps projects and working with artifacts?
0 Deleting an OCI Devops artifact deletes the artifact itself, as well as the reference.

OCI Container Registry holds images, and manifests or helm ch arts are stored in the Artifact
Registry.

Artifacts should be made immutable to ensure that they are not altered after upload. (*)

Artifacts do not need to be located or mirrored in an OCI registry in order to work with OCI
Devops.

XI ncorrect. When you create a repository. you can designate i t as immutable. wh ich means
that the artifacts uploade d to it become immutable. These artifacts are used as is and
can't be replaced. Immutable repositories ensure the integri t Y of t he artifacts.

Previou~ Page 3 of 6 Fl G u m mary

OCI DevOps Project

(An swer a ll questions in this sectio n)

(0/ 1) Points
4. Which statement is true about working w ith DevOps projects and code repositories?
0 Enabling logging is not required to run build and deployment pipelines, but your pipeline
histories will not be complete without it.

You must specify an OCI Vault and Secret in order to push an external code repository to the
OCI code repository. (*)

When m irroring an external code repository on OCI, changes in the OCI Code Repository are
automatically pushed to the external repository.

A DevOps project must be saved before notification topics and subscriptions can be created for
it.

X Incorrect. When pushing an external code repository to the OC I Code Repository, you must
authenticate using an OCI \'aul t and Secret. This provides secure access to your code
repository and ensures that unauthorized users cannot push code to rour repository.
Without specifying the correct OCI \'ault and Secret. you will not be able to push your code
to the OCI Code Repos itory.

[ Previous I Page 4 of 6 B I Sum mary ]

OCI DevOps Project
( Answer a ll questions in t his section)

(0/ 1) Points
5. Which of t he followi ng is t rue about using code repositories in t he DCI DevOps service?
0 You can only connect to external code repositories hosted on GitHub.

You can only use private code repositories that you create in the Devops service.

You can create your own private code repositories or connect to various external code
repositories. (*)
Only code repositories hosted on Bitbucket Server are supported in the DevOps service.

X Incorrect. I n the DevOps sen·ic e . you can create your own pr i vate code repositor i es or
connect to various external code r epositories such as Git Hub , Git lab . Bit bucket Cloud ,
\'isua l Buil der Studio, Bi tbucket Server. and Gi t l ab Server.

[ Previous I Page 5 of 6 B I s ummary ;

OCI DevOps Project

( Answ er a ll questions in this sect ion )

(0/ 1) Points
6. Which of the following two are supported t arget environments for DevOps proj ects?

Cl Function applicat1ons only (*)

External code repositories such as GitHub or Git lab

Vi rtual machines running on any operating system

Container Engine for Kubernetes clusters (*)

XI ncorrect. Supported env i ronments are Container Engine for Kubernetes clusters and
Function a pplications.

[ Previous I Page 6 of 6 [ Summ ary I

OCI DevOps Project: Continuous Integration and Continuous Delivery (CI/CD)
(Answer all q uestio ns in this sectio n)

(1/ 1) Point s
1. A software development team is i mplementing continuous deployment for an applicat ion that has passed
t he pipeline's automated tests. Which of the subsequent deployment st rateg ies should they select?
0 Deliver automatically to production without stopping for approval. (*)

Allow users to test, promote to a staging environment, and get a manual approval.

Semi-automated pipeline has an approval stage for offline checks.

Add checks at each commit to the main branch .

._,Correct. Delivery changes automatically to production without stopping for apprO\·al.

This aDDr□a.ch ensures that any changes that Dass a ll automated t ests a.r e immediat e h
deployed t o production. reducing t.he t ime bet ween code changes and deployment while
:maint aining auali t y and reliabi li t. y.

O CI De vOps Project: Continuous Inte gra tion and Continuous Delivery (CI/CD)
( Answer a ll questions in this sectio n)

(0/ 1) Point s
2. Which statements accurately describe the Managed Bui ld stage? (Choose two)

~ This stage is not required, but if it is used in a build run, it must come before the Deliver
Artifacts stage.

This stage publishes your software packages to production environments.

This stage builds and tests your software with an OCI-managed build runner. (*)

This stage follows the build spec YAML file in your code repository. (*)

X Incorrect . The Managed Build stage i n the build p i pe line bu ilds and tests you r software
with a fas t and scalable Or acle Cloud Infrastructure (OCI) Dev(lps serv ice mane.ged build
runner that runs build instr uctions. The build specification contai ns build steps and
settings that the build pipe line uses to run a bui l d.

I Previous I Page 2 of 6 B I Summary ;

OCI DevOps Project: Continuous Integration and Continuous Delivery (Cl/CD)
( Answ er a ll questio ns in this section)

(0/1) Points
3. Which stat ement is t rue about working w ith DevOps projects and environment variables?
0 Environment variables can include user~defined input but cannot be predefined on the build
server.
Environment variables are not defined in the build specification file, but are imported from
other files when a build is triggered.

You can't ever use a secret in OCI Vault as a variable due to security reasons.

All environment variables can be brought into later steps, but only exported variables can be
brought into later build stages. (*)

XYou have chosen an inco rrec t a1.swer.

[ Previous I Page 3 of 6 E] ['summary

OCI DevOps Project: Continuous Integration and Continuous Delivery (CI/ CD)
( Answer all quest ions in t his section)

(0/ 1) Points
4. A software development team wants to store the softwa re application created from the build pipeline in
t he Oracle Cloud I nfrastructure Artifact Registry. Which of the followi ng stages should be included in the
pipeline?
0 Wait

Deliver Artifacts (*)

Trigger Deployment

Manage<! Build

X ! nco rrect. To store t he soft ware a pplicat i on created from t he build p i peline in t he
Oracle Cloud Infrast ructure (OCI) Arti fact Regis t r y , t he •ne li \'er Artifacts • stage
should be included in the pipe line. Thi s stage is r esponsibl e for storing the artifacts
created by the •11anaged Build• stage in the OCI Artifact Registry o: OCT Containe r
Registry r e positories. The OCI Artifact Registry is a managed r egi5try that enabl es the
t eam to store, share. and ma nage their artifact s. such as Do c ke r images and1lave n
packages.

Previou~ Page 4 of 6 Nex~ [ summary

OCI DevOps Project: Continuous Integration and Continuous Delivery (CI/ CD)
( An swer a ll q uestions in t his sectio n)

(0/ 1) Points
5. A DevOps engineer is asked to work on creating an automated pipeline. Which of the following stages
should be included in t he pipeline to compile and test t he software application?
Wait

0 Deliver Artifacts
Managed Build (*)

Trigger Deployment

X ! ncorrect . The •~tanaged Build• s t age should be included in t he automated p i peline t o

compil e and t est the softwar e ar:plicat ion. This stage i s r esponsibl e for building a nd
testing the software applicaticn using the build tools and s cripts specified by the
De vOps e ngineer. Onc e the application is successfully built and t est ed . the pipe line can
proceed to the next stage , such as delive ring the artifacts to a r e pository or triggering
a deployment pipeline.

[ Previous I Page 5 of 6 E] I Summary ;

OCI DevOps Pr oject: Continuous Integration and Continuous Delivery (CI/ CD)
( Answer all questions in this section)

(1/1) Points
6. A DevOps engineer is asked to remove a stage from the build pipeline. What happens to the associated
resources when the stage is removed?
The associated resources are still available, but the stage is marked for deletion.

0 The associated resources and the stage are both removed. (*}

The associated resources are removed, but the stage is still available.

The associated resources are marked for deletion, but not deleted until manually deleted.

..-,correct. You can add mul t iDle stages t o a DiDeline. St ages can be added in a sequence or
in Darallel. You can remO\·e any stage from t he DiDeline. When you do, t he stage and i ts
associated resources are deleted.

I Previous I Page 6 o f 6 [ Summary I

OCI DevOps Project: Deployment Stra tegies
( Answer a ll q uesti o ns i n t hi s secti on )

(1/ 1) Points
1. What is the role of an NGINX ingress controller in the Canary deployment strategy for OKE?
0 To monitor ingress resources for load balancing (*)

To validate the deployment in the canary environment

To deploy artifacts to the production environment

To approve the deployment in the canary environment before deploying the application in the
production environment

¥'Correct. As the OKE clust er doesn ' t have an ingress controller , by default an XGI~'X
ingress controller has to be set up for the Canary deployment strategy. An ingress
controller is a Kubernetes application that routes traffic based on ingress
specification. The XGI\TX ingress controller monitors ingress resources for load
balancing. The traffic is shi fted from s t 2.ging to the production em·ironment by updating
the ingress resource.

Page 1 of 5 B I summary I
OCI DevOps P roject: Deployme nt Strategies
( A n"'iw e r a ll que"'it i o ns in t hi s secti on)

(0/1) Points
2 . A DevOps team is using the Canary Deploym ent strategy to deploy a new version o f their application to a
production environment. T hey want to ensure that any pot ent ial issues with the new version a re detected
before it's fully deployed to production. Which stage of the Canary Deployment strategy in t he OCI DevOps
ser vic e allows t he team t o shift a percentage of t he production traffic to the canary e nvironment?
0 Invoke function stage

Manual approval stage

Load distribution stage

Shift traffic stage (*)

x ·I ncorrect. I n Shift traffic stage. a part of the production traffic is shifted to the
cana ry e nvironme nt . In Im·oke function stage ., a custom function can be added to the
pit1eline to valid2.te the deployment in the can2.rr environme nt . The invoked function tests
the new version before mo\·ing to the produc tion environment. In ~lanu2.l appro\·2.l st2.ge , a
cta nua l appr oval st e p i s added to appr ove the d e ployme nt in the canary e nvironme nt befor e
de ploying the application in the production e ndronment. Ther e is no stage such as Load
d i stribution stage.

I Previous ] Page 2 of 5 B I Summary I

OCI DevOps Project: Deployment Stra tegies
( Answer all questio ns in t his section)

(1/1) Points
3. As a DevOps engineer, you are responsible for deploying a new version of an application using the Blue -
Green deployment strategy in OCI DevOps service. Which of the following stateme nts a bout the different
st ages of this strategy is correct?
0 In thP Rh1P-GrPPn '1PploymPnt c;;tngP, thP lnnd hnl;mrPr ic;; '-PJPrtPrl for inc;;t;rnrP urn11p hhrP-
green traffic shift or NGINX ingress controller has to be set up for routing the traffic for OKE
deployment. (*)
The Invoke function stage is mandatory to validate the new version before shifting the traffic to
the new environment.

The Manual approval stage is mandatory to approve the deployment in the standby
environment before shifting the production traffic.

In the Blue-Green traffic shift stage, 50% of the production traffic is shifted from the current
active environment to the standby environment running the validated new version of the
application .

..-,c orrect. The Blue- Green depl oyment stage involves se l ect ing t he t wo em·i ronments,
e i t her for instance group or for OKE. and se l ect ing t he art i facts t o be depl oyed. For
instance gr oup blue- green traffic shift. a load ba lancer i s s e l ect ed , whereas for OKE
depl oyment . :\"GI\TX ingress contro ll er has to be set up for rout ing t he traffi c.

[ Previous
I
Page 3 o f 5 Fl [ Summ ary]

OCI Devops Project: Deployment Stra tegies

( Answ er all questio ns in this section )

(0/ 1) Points
4. Which statement best describes how the DevOps team should proceed when using the Blue-Green
deployment strategy in the OCI DevOps service to deploy a new version of their application to t heir
product ion environment to ensure t hat the production environment is not affected by any potential issues
caused by the new version?
0 The Production stage in the Blue-Green deployment strategy deploys the new version to the
standby environment without any manual approval.

Thf' Rhlf'-Grf'Pn c1Pploymf'nt strntf'gy dof's not involvf' any manual approval stagP.

The Invoke function stage in the Blue-Green deployment strategy is an optional stage that can
be used to validate the new version before shifting the traffic to the new environment. (*)

The Blue-Green deployment strategy supports pipeline redeployment for both instance group
and OKE.

XI ncorrect. A custom funct i on can be added to the I nvoke funct i on stage i n the Blue- Green
deployment strategy to \·alidate the application in the standby endronment before
shifting the production traffic . This function can be used to perform additional testing
and validation of the new version, such as running automated t ests or checking the
app]ication ' s func t ionality. Once the validation is complete, the traffic shift can be
performed to make the new version the product ion endronment.

~ revious ' Page 4 of 5 R [ Sum mary

OCI DevOps Project: D eployment Stra tegies

( Answer all q uestio ns in this section )

(0/ 1) Points
5. You are a Devops engineer responsible for deploying a critica l applicaticn that your company's fi nance
department uses. The Blue-Green deployment strategy is being used to ensure t hat any down t ime is
minimized. Which sta,Je of the Blue-Green deployment strategy in the OCI DevOps service invo lves testing
the new version of t he application in the standby environment before switching the production traffic?
Invoke function stage (*)

0 Manual approval stage

Blue-Green deployment stage

Blue-Green traffic shift stage

XI ncorrect . A custom function can be added to the I nvoke :'unction stage in tte Blue- Green
deployment strategy to \·alidate the a[lplication in the standby environment tefore
shifting the product ion traffic. This function can be used to oerform additional testing
and \·al idation of the new \·ersion, suc:1 as running automa:ed tests or checkir.g the
application ' ~ functionality. Oncw th~ validation i~ complwtli' . thw traffic ~hift can b,..
performed to make the new ,·ersion the tiroduct i on em·ironn:ent.

l_Previous
I
Page 5 of s I Sum mary I
OCI DevOps Project: Helm Chart Deployments
(Answer a ll q uestions in t his s e ctio n)

(0/1) Points
1. A DevOps engineer is asked to wo rk on creating Helm charts to share, package, and deploy software built
for Kubernetes. Which of the following is true about Helm chart deployment using OCI DevOps project?
0 Helm charts can only be deployed to public OKE clusters.

values. yaml is a generic file that is located in the OCI Container Registry.

Helm charts must be located in t he OCI Container Registry for deployment. (*)

Helm charts only contain Kubernetes YAML manifest files and not a values.yaml file.

X l ncorrect . Helm is an open- source package manager f or Kubernetes tha t makes it easier to
share. package . and deploy software bui 1t for Kubernetes. The OCI DevOps sen ice supports
deployment of He lm charts to OKE clusters . both public and pri \·ate. To deploy He lm charts
us ing the OCI De\·Ops service . the charts must be located in the OCI Container Reg i s t r y
repos i torr , and a reference to the va lues. yaml file must be created.

Page 1 of 5 B I Summary I
OCI DevOps Project: Helm Chart Deployments
(Answer all q uestions in t his sectio n)

(0/ 1) Points
2. As a DevOps e ngineer, you are setting up a deployment pipeline to deploy Helm charts to an Oracle Cloud
Infrast ructu re (OCI) Container Engine for Kubernetes cluster. Where should t he Helm charts be located for
deployment?
In the OCI Object Storage bucket

0 In the OCI Artifact Registry repository

In the OCI Block Storage volume

In the OCI Container Registry repository (*)

In the local file system of the OKE cluster

X Incorn~ct . oc i · (( r~gion- kQy) . oc ir. i o '( tQnanq.-- nam~!ipacQ) '( r~po-namQ) i!i th~ l"RL f or
a he lm chart located in the OCI Container Registry repository. Here <re po- name> is a
repository i:i Container Registry.

[ Previous I Page 2 of 5 B I Summary I

OCI Devops Pr oject: Helm Chart Deployments

(Answer a ll q uestions in t his section)

(0/ 1) Points
3. You are a developer working on a proj ect to be deployed on OKE using Helm. Which of the following is a
required file for a He lm chart?
0 Dockerfile
chart.yam!(*)
app.py
requirements.txt

X I ncorrect. chart. yaml file is a required file for a Helm chart. I t contains the basic
information about the chart such as its name , version. and a description. The other files
mentioned , such as Dockerfile, app. py, and reQuirements. txt. may be used in the project
but are not reQui red for 2. He lm chart specifically.

[ Previous
I
Page 3 of 5 R [ summ ary]

OCI DevOps Project: Helm Chart Deployments

(Answer a ll questi ons in this section)

(1/ 1) Points
4 . When working on an QC! DevOps proj ect for Helm chart de ployment, where should you st ore the
values. yaml file?
In the OCI File Storage service

0 In the OCI Artifact Registry repository(*)

In the OCI Container Registry repository

In the OCI Object s:orage service

v'Correct. In the OCI Artifact Registry reposi torr , the values. :raril file is a generic
f il e that s uppli e s the defaul t templ ate val ues for He l mc har t s and shoul d be s tor ed i n the
OCI Art i fact Registry. a l ong wi th the He l mc hart s thems e h es . for deployment to a
Container Engine for Kubernetes (OKE} cluster.

~ revious I Page 4 of 5 B ['summary

OCI DevOps Project: Helm Chart Deployments
( Answer all questi ons i n this section)

(0/1) Points
5. As a DevOps e ngineer work ing o n a Node.js proj ect, which of t he following wou ld be the most su itable
ta rget environment for de ploying a Helm chart using OCI DevOps pipel ine?
Oracle Cloud Infrastructure (OCI) Compute Instances

0 Oracle Cloud Infrastructure (OCI) Virtual Machines

OCI Container Engine for Kubernetes (OKE} (*)

Oracle Functions

)(I ncorrect. Oracle Cloud I nfrastructure (OCT) DevOps serv i ce supports deployment of
Helm charts to Container Engine for Kubernetes (OKE) cluster.

I Previous I Page 5 o f 5 I Sum mary I

Configuration Management and Infrastructure as Code
{ Answ er all q uestio ns in this sectio n)

(0/1) Points
1. Which t hree st atements are t rue about using Ansible on OCI?

ea You can use Ansible to collect billing and usage data for your OCI tenancy.
You can use Ansible to execute a shell command on a collection of hosts. (*)

You can use Ansible to restart Apache on all web servers as defined in inventory. (*)

You can use Ansible to create and destroy OCI resources, such as compute instances and load
balancers. (*)

The task sequence in your Ansible p laybook does not matter. Ansible will evaluate dependencies
and execute tasks in the most effective sequence.

)(I ncorrect . Wh i le Ansible can perform various tasks related to configuration .

deployment , and orchestration. it is not designed for collecting bi 11 ing and usage data
for OCI tenancy. You can use OCI APis , the Console , or other bi 11 ing tools for that
purpose. The task sequence in an Ansible playbook matters. and Ansible executes tasks in
the order they are defined in the pl a ybook. Ansible evaluates dependencies. but it will
sti ll execute tasks in the order specified in the p}a ybook.

Page 1 of 5 [ Next Summ ary]

Configuration Management and Infrastructure as Code

(Answer a ll quest io ns in this section)

(0/1) Points
2. Which three statements are t rue about Resource Manager (RM)?

Resources provisioned through RM cannot be destroyed from outside of RM.

RM can mirror repositories from GitHub and Gitlab. (*)

Terraform configurations used by RM cannot contain any variables .

rl RM can render custom "Application Information" pages for stacks. (*)

RM can generate Terraform based on the resources in a compartment. (*)

X ! ncorrec t . Re sources provisioned through RM can be destroyed fromoutside o f RM.

Terraform configurations used b y R\I can cont ain any Yariables.

[ i revious Page 2 of 5 NexQ [jummarJ

Configuration Management and Infrastructure as Code
( An"'iwer a ll q uestions in t his section )

(0/1) Points
3 . Which feature of the OCI Resource Manager service will you use to different iate between t he real-world
state of your infrast ructure and t he stack's last executed configurat ion?
View State

0 Apply or Import State

Drift Detection (*}

Diff Detection

>Clncorrect. OCI Resource Ma nager service provi d es drift detect i on feature tha t helps to
detect the differences ben·een the current state of the resources and the des ired state of
t he stack. It helps to identify t he configuration drifts that may occur due to the changes
made outside of the Resource 11anager. This fee.ture allows users to take correct ive
ac tions br aoolring the drift det ect ed changes to the stack or by updating the resource
configuration.

[ Previo~ Page 3 of 5 Fl [ summari_)

Configuration Management a nd Infrastructure as Code

(Answer a ll quest io ns in t his section )

(0/1) Points
4. A DevOps engineer is new t o Ansible but want s to write a manual for configuration, deployment, and
orchestration. Which Ansible term is he describing and in what la ng uage will he write the manual?
Inventory; JSON

0 Plays; YAML

Playbacks; YAML (*)

Plays; Python

Role; Python

Playbook:s; JSON

X I ncorrect. A playbook in Ansible is a YAML file that defines a set of tasks to be executed
on one or more remote hosts. It i s used for confi~ration r.iana~ernent . deolorment . and
orchestration. YA.'11 is a human- readable data serialization language that is commonly
used to write Ansible playbooks. It is easr to learn and write and is the recommended
language for •n i ting Ansible Dlaybooks.

[ Previous ] Page 4 of 5 E [ sumrnarv]

Configuration Management and Infrastructure as Code

( An swer all q uest io ns in t his sect io n)

(0/1) Points
5. Which statement is false regarding Terraform?

Terraform codifies cloud APis into declarative configuration files.

Terraform is an Iaas. (*)

~ Terraform CLI versions and provider versions are independent of each other.
You configure multiple provider instances with the help of an alias.

X l ncorrect . Terraforrn i s not an IaaS, but rather an infrastructure as code tool that can
be used with mul t iDle cloud Dro\·iders and infrastructure technologies.

I Previous I Page 5 of s [ s um mary I

DevSec Ops
(Answer all questio ns in t his section )

{1/1) Points
1. ABC Inc. is a technology company that is in the process of adopting DevSecOps practices to improve their
software developme nt process. They are currently reviewing their approach to security fu nctions in the
DevSecOps process. The company wants to ensure that their approach aligns with industry best practices.
Which of the following is the recommended approach to security f unctions in a DevSecOps process t hat ABC
Inc. should adopt?
0 St rong governance, including the use of automated tools(*)

Complete reliance on cloud service providers for security

Manual processes to ensure more control
Independent security teams separate from DevOps

y"( orrect. Strong governance. including t he use of a utomated tool s - t he recommended

a pproach to secur i t y funct i ons in a DevSecOps process i s to adhere t o and impl emen t strong
governance. including !dent i t y and Access 1lanagement (IA.\[) and pr i \' i l eged access
management (PA\!) . The process should a l so define ro l es for t he De\·SecOps mode l , provide
proper training . and stay up- to-date on the l atest safety techniques.

Page 1 of 6 B I summary I
DevSecOps
(Answ er all quest ions in t his section)

(0/1) Points
2. XYZ Corp. is a software development firm that uses DevOps practices. They want to minimize t he risk of
security br eaches by incorporating security into their development process from t he start. To accomplish this,
t hey are concentrating on incorporating DevSecOps best practices into their DevOps process. Which t hree
are the best practices t hat XYZ Corp. should implement?

~ Have a flat network with no segmentation or isolation, where all devices and resou rces are
interconnected and accessible to anyone on the network.
Manual execution of Devops security processes and tools is a best practice to reduce the risk of
errors and security incidents.

Adhere to established security guidelines, such as the OWASP DevSecOps guideline, while
developing and testing. (*)

Incorporate role- based access control and establish roles and responsibi Iities for all parties
involved in the development process. (*)

Regularly scan for vulnerabilities and prioritize fixing them based on their level of severity. {*)

Xl ncorrect. ~tanual execution of s ecuri ty processe s and tools is time- consuming and
error - pr one , and it can be di ff icul t to maintain consistency in the implementat i on of
secur ity pol icies across the or ganization. Having a flat network with no segment at ion or
isol ation i s a securi t r risk. I t makes it eas ier for attackers to mo\·e l aterally acr oss
the network and acce ss s ensi t i\'e data and systems .

I Previous I Page 2 o f 6 B j Summary ]

D e vSecOps
(Answer a ll quest ions in t his section )

(0/ 1) Points
3. Which of t he following is a measure of the severity of a software v ulnerability, ranging from Oto 10, and is
used by ADM?
National Vulnerability Database {NVD}

Common Vulnerability Scoring System (CVSS} (*)

Vulner ability audit

0 Knowledge base

Xl ncorr ect. The :,..-vn provi des a measure of the sever i ty of a sof twar e vulnerabi 1 i ty us i ng
the C\'SS. which is used by AD~!.

I Previous I Page 3 o f 6 B I s ummary ]

DevSecOps
( Answer all questi ons in t his section)

(0/1) Points
4. Which two are NOT necessary to create a secret in the Oracle Cloud Infrastructure Vault service?

You must have an auth token to encrypt the secret. ( *)

You must have a Vault managed key to encrypt the secret.

The user must create a compute instance to run the secret service. {*)

~ You must have the required permissions to create and manage secrets in the Vault service.

XYou have chosen an incorrect answer.

~ revious I Page 4 of 6 E [summarv]

DevSecOps
( An sw er a ll ques tions in t his section)

(0/1) Points
5. Which of the following statements is false with regard to the OCI Vault service?
The vaul:'s public wrapping key is only used when you need to import an external key.

0 Each new master encryption key is automatically assigned a key version with a unique Oracle
Cloud Identifier {OCID).
Older versions of master encryption ke'(S can be used for decryption but cannot be used for
encryption.

Master encryption keys are always stored In a Hardware Security Module (HSM) . (*)

X l ncorrect . To create a master encr yption key that is stored and processed on a hardware
securi tr modul e (HS~!) . choose HS~!.
To create e. master encryption key that is stored and processed on a server. choose
Software.

I Previous ] Page 5 of 6 R I Summary ,

DevSecOps
( Answer a ll questions in this section )

(0/1) Points
6. As a DevOps engineer working o n OCI DevOps projects for automating the software development life
cycle, which stage of the DevOps pipeline would you configure ADM in?
Managed Build stage {* )

0 Deliver Artifact stage

Security stage

Trigger stage

X l ncorrect . AD\1 is configured in the Managed Build stage of a DevO:,s p i peline.

I Previo us I Page 6 of 61Sum mary I

DevSecOps: OKE and Container Image Security

( Answe r a ll questio ns in t his sectio n )

(1/ 1) Points
1. Which of the following is a recommended best practice for deploying across multiple environme nts in
Kubernetes?
0 use the same namespace name across all environments. (*)

Use different namespace names for each environment.

Avoid using namespace names for deployments.

Include environment names in the namespace names.

v'Correct. The recommended best practice for deploying across multiple environments in
Kubernetes is to establish and use a namespace naming convention that makes it easy to
create deployments across mul t iple endronments and hosted in diff erent clusters. By
using the S2Ille namespace name , you can use the same config f iles in all environments and
you amid having to create a config file specific to each environment.

Page 1 of 6 B I summary ~
DevSecOps: OKE and Container Image Security
{ Answer a ll questio ns in this section)

(0/1) Points
2. You are responsible for managing access and permissions in Oracle Container Engine for Kubernetes (OKE)
for Kubernetes obj ect operations.
When considering whet her to use OCI Identity and Access Management (1AM) policies or Kubernetes role-
based access control (RBAC) roles, which of the following statements is correct?
0 Only 1AM policies can be used to manage access.

Both 1AM policies and RBAC roles can be used to manage access. {*)

Only RBAC roles can be used to manage access.

You must choose either 1AM policies or RBAC roles to manage access.

X l ncorrec t . Both IA~t policies a nd RBAC r oles ca n be used to ma nage access i n Orac le
Container Engine for Kubernet es (OKE) . IA\! policie s can be used to manage access to the
OKE s e n-ice and r esources . such as clusters . nodes. and load balancers . while RBAC roles
ca n be used t o ma nage access t o Kube rnet es object s within a clus t er. s uch as pods,
services. a nd deployme nt s. By us ing both IA.\! poli c i es and RBAC rol es, you can pr O\·ide
granul a r access control for both the OKE sen i ce a nd Kuberne t es obj ec t s within a clus t er.

FiwsJ Page 2 of 6 B I sum mary ;

DevSecOps: OKE and Container Image Security

(Answer a ll questions in t his section )

(0/1) Points
3. A DevSecOps professional has employed OCI Vault service to sig n a container image using cryptographic
keys. However, d uring an attempt to verify a specific image's signatu re utilizing the Vault service, t he
verification process fails. Which of the subsequent options could pot entia lly account for th is unsuccessful
verificat ion?
0 The cryptographic keys employed in Oracle Cloud Infrastructure Vault for image signing were
based on asymmetric algorithms like RSA or ECDSA.

While utilizing OCI CLI for image signature creation, the --description and --metadata
parameters were intentionally left devoid of input.

The cryptographic keys utilized in Oracle Cloud Infrastructure Vault for i mage signing were
generated through symmetric AES keys . (*)

The process incorporated both the OCID of the master encryption key and the OCID of the
corresponding key version from Oracle Cloud Infrastructure Vault for image signing.

XYou ha ve chosen a n i ncor r ect a nswer .

[ Previous I Page 3 of 6 B l Summary I

De vSecOps: OKE a nd Container Image Secu r ity
(Answer all q uesti ons in t his section )

(0/1) Points
4 . As a DevOps engineer, you need to test the execution of a particular container image even though it
violates the cluster's image verification policy. What step can you take to allow a specific pod to pull such an
image?
By adding the oracle.rmage-policy.k8s.io/ break-g1ass: "true" annotation to the pod spec (*)

By manually modifying the image signature of the image in Oracle Cloud Infrastructure
Registry

0 By modifying the image verification policy for the entire cluster

By adding the oracle.image-policy.kSs.io/ allow-unsafe-images: "true" annotation to the pod

spec

X l ncorrect. According to the scenario. if a particular pod needs to pull an image that
,•iolates the cluste r ' s image ve rification policy, the annotation oracl e. image-
policy. k8s. io br eak- glass: • true• can be added to the pod spec. This annotation \\·ill
allow the pod to pull any signed and unsigned images from Oracle Cloud Infrastructure
Registry. regardless of the cluster's image verification pol icy.

FiwsJ Page 4 of 6 B I s um mary ;

DevSecOps: OKE and Container Image Security
( Answer all questions in this section)

(0/1) Points
5. As a DevOps engineer, which method can be used to ensure the authent icity and integrity of containe r
images deployed on OCI Cloud platforms?
Signing the container image with the Container Registry Cll and associating it with a master
encryption key in the Vault service (*)

Comparing the checksum of the container image w ith the original image after ingestion

0 Deploying the container image to multiple Kubernetes clusters for redunda ncy and verification

Enabling real-time scanning of container images stored in OCI Registry

X l ncorrect. S ign i ng t he image us i ng the Cont a i ner Registry CLI and creati ng an i mage
s i gnat ure t h2.t assoc iates t he image with t he mast er e ncryDt i on ke y 2.nd ke y vers ion in t he
Ya ul t sen ice he lt)s to e ns ure t hat the container images have not been modi fied after be ing
oushed to t he OCI Reg istry. Thi s i s becaus e the image signature \·eri fi es the integri ty of
the container image . ensur ing that i t hasn ' t been tampe r ed with. and associat es the image
with the master e ncrypt i on ke y a nd ke y Ye r s ion in the \"a ul t s e ni ce. pro"iding a n
addi t i ona l l a yer of secur i t y.

~ Page 5 of 6 ~ [ s ummarv]

DevSecOps: OKE and Container Image Security

(An swer a ll questio ns in this section )

(0/ 1) Points
6. You intend to ensure that only container images that have been signed wit h an OCI Vault master
encryption key are used for deployments to an Oracle Co nt ainer Engine for Kubernetes (OKE) cluster. Which
of t he following statements is correct?
Image signature verification policies are explicitly disabled or enabled for each image by the
developer when uploading to Oracle Container Registry (OCIR).

0 Image signature verification is required for all deployments to an OKE cluster in a production
environment.

Image signature verification policies are enabled at the kubemetes pod level.

Image signature verification policies can only be enabled at the OKE :luster level by an
administrator. (*)

X I ncorrect . I mage s i gnature ver i f i cat i on policie s can onl y be e nabl ed at t he OKE clust e r
leve l by an administrat or. The administrator needs to e nabl e the pol icy for image
signature ve rification in the OKE clust e r configuration. Image signature \·eri fie at ion is
not r equired for al: depl oyme nts to an OKE cluster in a production environme nt by default .
but it can be enforced by the administrator through configuration.

Previou~ Page 6 ot 6 s ummar i j

Observability Se rvices
( Answe r all q uestio ns in this section )

(0/1) Points
1. Which of t he following feature of Events Service is used to t rigger an automated action when a specific
event o ccur s in a DevOps Proj ect?
0 Functions

Rules(*)

Alarms

Topic

X I ncorrect. Rules is the core feature in Event service. It allows you to choose which
event types to be monitored , what specific resource to be filtered in the rule condition.
and what ac tions t o be taken.

Page 1 of 6 B I Summary I
Observa bility Services
( Answer a ll q uesti ons i n t his section )

(0/ 1) Points
2 . As a DevOps engineer overseeing the deployment pipeline for your organization's application on Oracle
Cloud I nfrastructure (OCI), you encounter a situation where the pipeline is encountering fa ilures. I n your
efforts to address the problem and pinpoint its root cause, you require specific data for further investigation :

The duration taken by each deployment The frequency of deployment failures Which Oracle Cloud
Infrastructure (OCI) service would best facilitate obtaining this crucial information, enabling you to
effectively analyze t he issue and facilit ate the debugging process?
0 OCI Oe vOps Agent

OCI Monitoring service (*)

OCI Data Science service

OCI Data Analysis service

XYou have chosen an i ncorrect answer.

~ Page 2 of 6 B I s ummary I
Observability Services
(Answer a ll q uest io ns in t his sectio n)

(0/ 1) Points
3. You are tasked to troubleshoot failures seen with Build runs t hrough t he DevOps Project. What information
wou ld be required to be checked first?
Service Connector Logs

Unified Agent Logs

Service Logs (*)

0 Custom Logs

Xl ncorrect. OCI services can be configured to send Logs into OCI Logging service. These
logs are referred to as Sen ice logs. Dev()ps Project can be enabled to send such service
logs into OCI Logging . which pro\·ides a centralized interface to apply search fi hers and
navigate into specific log sets to troub leshoot the Droblem.

I Previous ] Page 3 of 6 B I Summary I

Observa bility Services

(Answer all q ues tions i n t his section )

(0/ 1) Points
4 . An application is continously logging sensitive information, which need s to be configured with restricted
access to this log data. Which of the following could be a solution?
Transition all sensitive logs into Object Storage using Service Connector.

0 By default, OCI Logging identifies and restricts access to any sensitive logs.

Choose separate logs group for sensitive logs and use 1AM policies. (*)

Configure Notifications Topic to alert when any sensitive data is logged in to Logging Service.

X l ncorrect. l og groups are cons i dered as log i cal containers for l ogs. One of the key
ourooses of Log groups is to segregate logs based on puroose. Logs wi th sensitive data
could be configured within a seoarate l og group and IA.\I policies created to restrict
access to that log group.

l_Previoui j Page 4 of 6 Ne xt Summary]

Observability Services
(Answer all questions in this section)

(0/ 1) Points
5. You are part of a team working on a DevOps project. There is a requirement to provision an Object
Storage bucket whenever the Code Repository is updated. Which of the following could be used here?

L"J Events Service (*)

Service Connector

Functions(*)

Streaming

X Incorrect. The key purpose of Events ser\'ice is to execute automated act ions based on
state chanees of OCI resources. E,·ents serdce has a feature named Rules that could run
specific Actions based or. hent Trpes. Rules is integrated ,d th Oracle Functions that can
be in,·oked to autocatical!r prods ion a resource such as Object Storage bucket \Then the
rule condition matches the hent Trpe for Code Reposi torr.

Previous Page 5 of 6 Ne xt j Summary

Observability Services
(Answer all q uestions in t his sectio n)

(1/ 1) Points
6 . Which of t he following service is integrated with OCI Monitoring that sends Alarms to a Slack channel?
Events Service

vault
0 Notifications (*)

Devops Project

._,Correct. OCI ~loni taring sen ice is integrated with :\"at if icat ions service . and the
configured :\"ot i ficat ions Topic enabl es to send Al arm data to destinations such as Emai 1 .
PagerDuty . Slack channel s , etc.

I PreYious I Page 6o f 61Sum mary I