1z0-1084-24 Exam Dumps - Oracle Cloud Infrastructure 2024 Developer Professional

Explanation

The two components that are part of the Cloud Native Computing Foundation (CNCF) container runtime are: containerd: containerd is an open-source container runtime that provides a runtime environment for containers, including managing container images, executing containers, and handling container lifecycle events. It is designed to be lightweight and extensible, providing the necessary functionality to run containers efficiently. runc: runc is a lightweight container runtime that serves as a reference implementation of the Open Container Initiative (OCI) runtime specification. It is responsible for launching and managing containers based on OCI specifications, including handling container isolation, namespaces, cgroups, and other low-level container operations. These two components, containerd and runc, are widely used in the container ecosystem and are part of the CNCF's efforts to promote and develop open-source technologies for cloud-native computing.

Explanation

The correct answer in this scenario is to use the OCI API Gateway service and configure rate limiting. Using the OCI API Gateway service and configuring rate limiting is an effective approach to address Distributed Denial-of-Service (DDoS) attacks. By implementing rate limiting, you can control the number of requests that can be made to your web service within a specific time frame. This helps to prevent overload and ensures that your service can handle legitimate traffic while mitigating the impact of DDoS attacks. By leveraging the OCI API Gateway service, you can easily configure rate limiting rules to restrict the number of requests per second or per minute. This allows you to set appropriate thresholds and safeguard your web service from being overwhelmed by excessive requests. The API Gateway acts as a protective layer, filtering out malicious traffic and ensuring the smooth operation of your service. While options like OCI Virtual Cloud Network (VCN) segregation and third-party service integrations may contribute to overall security, they do not specifically address DDoS attacks as efficiently as rate limiting. VCN segregation focuses more on network segmentation and isolation, while third-party service integration may introduce additional dependencies and complexities. Re-writing your web service and implementing rate limiting is a viable option, but it may not be feasible considering the time constraints mentioned. Leveraging the OCI API Gateway service provides a quicker and easier solution to implement DDoS attack mitigation through rate limiting.

To prevent images from being deleted from a repository, you can set the global policy of image retention to “Retain All Images”. This policy applies to all repositories in the tenancy and overrides any individual repository settings. You can also lock the policy to prevent any changes to it. Verified References: Using Retention Rules to Preserve Data

When configuring an OCI API Gateway deployment, you need to specify the backend type for each route in your API deployment specification3. The backend type determines how the API gateway handles requests to that route and forwards them to the appropriate backend service3. The following backend types are valid options for an OCI API Gateway deployment3:

HTTP_BACKEND: The API gateway forwards requests to an HTTP or HTTPS URL as the backend service.

ORACLE_FUNCTIONS_BACKEND: The API gateway invokes an Oracle Functions function as the backend service.

STOCK_RESPONSE_BACKEND: The API gateway returns a stock response without invoking any backend service. ORACLE STREAMS_BACKEND is not a valid backend type for an OCI API Gateway deployment. Oracle Streams is a fully managed, scalable, and durable messaging service that you can use to ingest and consume large amounts of data in real-time4. However, Oracle Streams is not supported as a backend service for an OCI API Gateway deployment.

OCI Queue is a service for enabling asynchronous (decoupled) communication in a serverless manner3. Queue handles high-volume transactional data that requires independent processing without loss or duplication3. Queue supports ordering of messages within a queue by using the FIFO (first-in-first-out) delivery option3. Therefore, using a single queue to process all transactions ensures that all transactions are processed in order and that no transaction is lost. Verified References: Overview of Queue

To push a new Docker container image to a repository in OCI Registry, you need to use an Auth Token to complete the authentication via the Docker CLI1. An Auth Token is a secure, auto-generated password that you can use to authenticate with OCI services such as OCI Registry1. You can generate an Auth Token in the Console by following these steps1:

In the top-right corner of the Console, open the Profile menu and then click User settings to view the details.

On the Auth Tokens page, click Generate Token.

Enter a friendly description for the auth token. Avoid entering confidential information.

Click Generate Token. The new auth token is displayed.

Copy the auth token immediately to a secure location from where you can retrieve it later, because you won’t see the auth token again in the Console.

Close the Generate Token dialog. After generating an Auth Token, you need to log in to OCI Registry by entering docker login .ocir.io in a terminal window on the client machine running Docker, where corresponds to the key for the OCI Registry region you’re using1. When prompted for a username, enter your username in the format /, where is the auto-generated Object Storage namespace string of your tenancy1. When prompted for a password, enter the Auth Token you copied earlier1.