1Z0-997 — OCI DevOps Professional Study Guide

When configuring a deployment pipeline in OCI DevOps, which artifact source type allows you to reference container images from Oracle Cloud Infrastructure Registry (OCIR)?

• A Local file system artifact storage with Docker daemon integration
• B Generic HTTP artifact repository with image manifest URLs
• C Docker Hub artifact source with authentication credentials
• D OCIR artifact source with repository path specification ✓ Correct

You need to implement automated testing in your OCI DevOps pipeline that runs unit tests on every commit. Which build stage parameter should you use to ensure tests are executed before artifact creation?

• A ARTIFACT_GENERATION_MODE set to test-first execution
• B TEST_EXECUTION_HOOK pointing to external testing framework
• C PIPELINE_STAGE_ORDER configured with test stage priority
• D BUILD_SPEC_FILE with test commands in the test_commands section ✓ Correct

In OCI DevOps, when deploying to a Kubernetes cluster using a deployment pipeline, what is the primary purpose of the deployment manifest file?

• A To monitor resource utilization across all deployment stages
• B To encrypt sensitive data used during the deployment process
• C To authenticate the build runner against the container registry
• D To define Kubernetes resources and configurations for the target cluster deployment ✓ Correct

Your organization requires that all deployments include approval from a security team member before proceeding to production. Which OCI DevOps feature should you implement?

• A Deployment approval gates with manual approval triggers ✓ Correct
• B Artifact scanning with automatic rejection capabilities
• C Pipeline execution schedules with role-based access control
• D Build stage validators with security policy enforcement

When integrating OCI DevOps with GitHub repositories, which authentication method is recommended for secure credential management?

• A Plain text API keys in environment variables
• B GitHub personal access tokens stored in OCI Vault ✓ Correct
• C Hardcoded credentials in the pipeline configuration files
• D GitHub SSH keys embedded in build specifications

In OCI DevOps, what is the relationship between a build pipeline and a deployment pipeline?

• A Both pipelines must run simultaneously in parallel execution
• B Build and deployment pipelines are the same construct with different naming conventions
• C Deployment pipeline generates build specifications for the build pipeline
• D Build pipeline produces artifacts that deployment pipeline consumes ✓ Correct

You are troubleshooting a failed build in OCI DevOps. Where should you look to examine detailed logs of the build execution?

• A Build run logs accessible from the OCI DevOps console ✓ Correct
• B Local Docker daemon logs on the build server
• C GitHub repository webhook delivery logs
• D Container Registry push operation logs only

When using OCI DevOps to deploy applications across multiple regions, which deployment stage type allows you to target different compute instances in various regions?

• A Compute instance deployment stage with region-specific target group configuration ✓ Correct
• B Multi-region load balancer stage with automatic failover
• C Instance pool scaling stage with cross-region replication
• D Kubernetes cluster deployment stage limited to single region

Your build pipeline requires access to a private Maven repository. How should you configure credential access in the build specification?

• A Hard-code credentials in the build runner Docker image
• B Configure credentials only in the GitHub repository secrets settings
• C Store credentials directly in the pom.xml file committed to the repository
• D Use OCI Vault secrets referenced in build_spec.yaml with secret environment variables ✓ Correct

When configuring a deployment pipeline with multiple stages, what determines the order of execution between stages?

• A Random sequential execution determined by the deployment engine
• B The alphabetical order of stage names in the console UI
• C The creation timestamp of each stage in the pipeline
• D Stage dependencies explicitly defined in the pipeline configuration ✓ Correct

You need to implement canary deployments in OCI DevOps where 10% of traffic routes to the new version. Which deployment stage type supports traffic shifting?

• A Container Registry version tagging with automatic rollback
• B Load Balancer traffic shift deployment with percentage-based routing ✓ Correct
• C Compute instance reboot stage with gradual instance replacement
• D Kubernetes rolling update with manual pod deletion

In OCI DevOps, what is the purpose of the build specification (build_spec.yaml) file?

• A To define build steps, environment variables, artifacts, and artifact locations for the build process ✓ Correct
• B To configure firewall rules for the build runner instances
• C To manage container registry authentication and image tagging strategies
• D To specify the deployment targets and approval workflows

When a deployment fails in OCI DevOps, which rollback mechanism automatically reverts to the previous deployment?

• A Load balancer automatic health check rerouting to previous instances
• B Kubernetes automatic pod recovery with previous replica set activation
• C Manual rollback initiated through the console or API after failure detection ✓ Correct
• D Automatic rollback triggered by deployment failure without manual intervention

Your organization uses Infrastructure as Code (IaC) with Terraform. How should you integrate Terraform deployments with OCI DevOps?

• A Execute Terraform commands within a deployment stage referencing Terraform configuration files ✓ Correct
• B Convert all Terraform code to OCI Resource Manager stacks
• C Use Terraform Cloud exclusively without OCI DevOps integration
• D Manually apply Terraform configurations before initiating OCI DevOps pipelines

When configuring artifact repositories in OCI DevOps, which repository type supports storing generic artifacts like configuration files and documentation?

• A Docker artifact repository exclusively for container images
• B Maven artifact repository limited to Java artifacts
• C Package artifact repository for binary executables only
• D Generic artifact repository for any file type artifacts ✓ Correct

In OCI DevOps, how can you ensure that only specific users can approve deployments to production environments?

• A Implement encryption on deployment pipeline configurations
• B Store approval credentials in the build specification file
• C Use GitHub branch protection rules to restrict deployment permissions
• D Configure approval stage with IAM policies granting approval permissions to specific user groups ✓ Correct

When deploying to Oracle Kubernetes Engine (OKE), which type of deployment stage should you use in OCI DevOps?

• A Load balancer stage for traffic distribution only
• B Compute instance stage with manual kubectl commands
• C Kubernetes deployment stage configured with OKE cluster endpoint and credentials ✓ Correct
• D Container Registry image push stage without cluster targeting

Your build pipeline needs to skip certain stages based on which branch triggered the pipeline. Which build mechanism enables conditional stage execution?

• A Trigger conditions and stage filters based on branch patterns or tags ✓ Correct
• B Manual stage execution selection in the console for each pipeline run
• C Environment variable checking in the build specification script sections
• D Git webhook configuration with multiple pipeline definitions

What is the primary advantage of using OCI DevOps Container Registry scanning compared to manual image vulnerability scanning?

• A Improved container image build performance and faster push times
• B Enhanced Docker daemon functionality and local image caching
• C Reduced storage requirements for container images in the registry
• D Automated scanning on image push, consistent policy enforcement, and integration with deployment gates ✓ Correct

In a complex OCI DevOps pipeline, how should you handle sensitive configuration data that differs between development and production environments?

• A Store all configurations in plaintext in environment variable files
• B Use OCI Vault for secrets and OCI Config with environment-specific variable substitution ✓ Correct
• C Commit sensitive data to the source repository with gitignore exceptions
• D Manually update configuration files before each deployment stage

When using OCI DevOps with Function deployments, what does the Function deployment stage require as input?

• A Container image artifact containing the function code and runtime dependencies ✓ Correct
• B Raw source code files uploaded directly to the Functions service
• C Pre-compiled bytecode and function configuration files
• D Direct Git repository access without artifact intermediation

Your team uses GitLab repositories instead of GitHub. How should you connect GitLab with OCI DevOps?

• A Export GitLab repositories to GitHub before connecting to OCI DevOps
• B Configure GitLab connection through OCI DevOps with GitLab personal access token authentication
• C OCI DevOps supports only GitHub repositories, not GitLab
• D Use Git repository source with generic Git SSH connection ✓ Correct

In OCI DevOps, which monitoring feature should you enable to track deployment frequency, lead time for changes, and mean time to recovery?

• A Load balancer request rate metrics and latency tracking
• B Compute instance performance monitoring with CPU metrics
• C Container Registry vulnerability scanning reports only
• D DevOps Insights metrics showing DORA metrics and deployment analytics ✓ Correct

When configuring a build pipeline trigger, which event type allows the pipeline to start automatically when code is pushed to a specific branch?

• A Manual trigger requiring explicit console or API invocation only
• B Scheduled trigger running at predetermined time intervals
• C Container Registry trigger activated by image push events
• D Git Push trigger configured with branch name or pattern matching ✓ Correct

Your organization requires audit trails for all deployment approvals and modifications. Which OCI service should you integrate with OCI DevOps for compliance tracking?

• A OCI Identity and Access Management policy logs only
• B OCI Logging Analytics for application log analysis only
• C OCI Audit logging capturing all DevOps API calls and approval events ✓ Correct
• D OCI CloudGuard for real-time threat detection only

You are designing a CI/CD pipeline in OCI DevOps that needs to automatically trigger builds when code is pushed to a repository. Which service should you use as the primary trigger mechanism?

• A OCI Functions scheduled execution
• B Manual webhook configuration in the Git repository
• C OCI Notifications service directly
• D OCI Events with DevOps Build Pipeline ✓ Correct

In OCI DevOps, what is the primary purpose of using artifacts in a deployment pipeline?

• A To manage Git branch policies
• B To package and version build outputs for deployment across environments ✓ Correct
• C To track pipeline execution history
• D To store source code versions

You need to implement a canary deployment strategy using OCI DevOps. Which deployment type should you configure?

• A All-at-once deployment
• B Rolling deployment with instance replacement
• C Blue-green deployment
• D Traffic shifting deployment with percentage-based gradual rollout ✓ Correct

When configuring approval gates in an OCI DevOps deployment pipeline, what is a key consideration for security?

• A Bypass approvals for emergency fixes to production
• B Use IAM policies to restrict who can approve deployments to sensitive environments ✓ Correct
• C Store approval credentials in the pipeline YAML file
• D Approvals should always be automatic to ensure fast deployments

You are troubleshooting a failed build in OCI DevOps Build Pipeline. Where would you primarily look for detailed error information?

• A The Git repository commit history
• B Email notifications from the pipeline
• C OCI Logging service with the appropriate log group configured for the build pipeline ✓ Correct
• D OCI Monitoring dashboards only

In OCI DevOps, what role does a Build Spec file play in the build process?

• A It manages Git branch protection rules
• B It specifies the deployment environment details
• C It defines build steps, environment variables, and artifact output locations for the build pipeline ✓ Correct
• D It stores approval policies for deployment stages

You need to deploy a containerized application to OCI Container Instances using OCI DevOps. Which deployment pipeline configuration is most appropriate?

• A Use Kubernetes deployment to OKE cluster only
• B Use OCI Functions for all containerized deployments
• C Use Compute Instance deployment with shell scripts
• D Use Container Instance deployment stage configured with container image artifact and deployment specifications ✓ Correct

When using OCI DevOps with external Git repositories (GitHub, GitLab), what authentication method is recommended for security?

• A Use only public repositories without authentication
• B Embed credentials in environment variables in the build_spec.yaml
• C Store credentials in plaintext in the pipeline configuration
• D Use OCI Vault to store credentials and retrieve them via vault connector ✓ Correct

You are designing a multi-stage deployment pipeline with different approval requirements per stage. How should you implement this in OCI DevOps?

• A Use manual approvals in the first stage only
• B Create separate projects for each stage
• C Configure approval gates within each stage and apply different IAM policies to restrict approvers ✓ Correct
• D Implement all approvals using automated triggers

What is the primary benefit of using OCI DevOps Code Repositories instead of external Git repositories?

• A Support for more programming languages
• B Native integration with OCI services, built-in IAM, and seamless DevOps pipeline triggering ✓ Correct
• C Lower cost per repository
• D Better performance for all use cases

In OCI DevOps, how would you implement a policy that prevents deployment to production without successful passing of automated tests?

• A Add a test stage that must succeed before the production deployment stage in the pipeline ✓ Correct
• B Use manual approvals without automated validation
• C Store test results in OCI Object Storage and review manually
• D Configure IAM policies to block production deployments

You need to deploy to Kubernetes (OKE) using OCI DevOps. What artifact type should you primarily use?

• A Container images stored in OCI Container Registry ✓ Correct
• B Source code files
• C Binary artifacts
• D Terraform configuration files

When configuring environment-specific deployments in OCI DevOps, what is the best practice for managing configuration differences?

• A Hardcode all configuration values in the pipeline YAML
• B Store configuration only in application code
• C Use a single configuration for all environments
• D Use deployment parameters and environment-specific values files for configuration management ✓ Correct

You are implementing automated rollback for a failed deployment. What is a key consideration when using OCI DevOps?

• A Rollback is only available for blue-green deployments
• B Rollback is automatic and cannot be controlled
• C Configure the rollback policy and test rollback procedures before production use ✓ Correct
• D Manual rollback is the only supported approach

In OCI DevOps, what does the 'trigger' configuration in a Build Pipeline specify?

• A The artifact repository location
• B The compute resources allocated to the build
• C The approval required for deployment
• D The source code repository and branch that initiates the build when changes are detected ✓ Correct

You need to ensure that only signed container images are deployed using OCI DevOps. How would you implement this?

• A Manually verify each image before deployment
• B Disable image verification for faster deployments
• C Use only public images from Docker Hub
• D Configure image scanning in OCI Container Registry and add approval gates in the deployment stage ✓ Correct

When using OCI DevOps for microservices deployment, what approach enables independent deployment of services?

• A Create separate build and deployment pipelines for each microservice with independent triggers ✓ Correct
• B Create a single pipeline for all microservices
• C Deploy all microservices together in a monolithic pipeline
• D Use manual deployment for each microservice

In OCI DevOps, how do you handle sensitive data such as database passwords or API keys in build and deployment pipelines?

• A Pass them as command-line arguments
• B Store them in plaintext in the build_spec.yaml file
• C Use OCI Vault with appropriate IAM policies and vault connectors in the pipeline ✓ Correct
• D Store them in Git repository secrets

You are designing a deployment strategy that requires zero-downtime updates. Which deployment type should you implement?

• A Sequential instance replacement
• B Rolling deployment or blue-green deployment for zero-downtime transitions ✓ Correct
• C All-at-once deployment
• D Manual deployment with scheduled maintenance

What is the purpose of using OCI DevOps Parameter Store in deployment configurations?

• A To manage container registry access
• B To track Git commits
• C To manage and version environment-specific parameters and configuration values for deployments ✓ Correct
• D To store source code files

In a scenario where you need to deploy to both OCI Compute Instances and OKE clusters from a single pipeline, what is the best approach?

• A Deploy to Compute only and manually migrate to OKE
• B Use conditional deployment stages with different deployment targets and deployment specifications ✓ Correct
• C Create two separate pipelines for each environment
• D Use only OKE for all deployments

You need to implement compliance tracking for all deployments in OCI DevOps. What should you configure?

• A No tracking is necessary
• B Manual documentation in spreadsheets
• C Store compliance logs only in Git
• D Enable audit logging in OCI and use DevOps notifications for deployment events ✓ Correct

When using OCI DevOps with OCI Resource Manager (Terraform), how should deployment parameters be passed?

• A Use deployment parameters to pass Terraform variables and tfvars files in the deployment stage ✓ Correct
• B Use environment variables only
• C Embed all variables in the pipeline YAML
• D Edit the Terraform files directly before each deployment

What is a critical consideration when setting up automated rollback policies in OCI DevOps deployments?

• A Rollback always restores the previous application version without validation
• B Plan for data consistency and test rollback procedures to ensure service recovery without data corruption ✓ Correct
• C Rollback is instantaneous with no data loss
• D Rollback should be avoided in favor of always moving forward

You are configuring a build pipeline in OCI DevOps that needs to pull dependencies from a private artifact repository. Which authentication mechanism should you use to ensure secure access without exposing credentials in the build configuration?

• A Store credentials directly in the build_spec.yaml file
• B Embed credentials in environment variables within the pipeline definition
• C Configure basic authentication in plaintext within the artifact repository connection string
• D Use OCI Vault to store credentials and reference them via dynamic groups and policies ✓ Correct

A deployment pipeline is failing intermittently when deploying to multiple OKE clusters across different regions. What is the primary reason this occurs, and how should you resolve it?

• A Network latency between regions causes timeouts; increase the deployment timeout value globally
• B OKE clusters automatically sync configurations; you need to disable cross-region replication
• C Regional endpoints are deprecated; migrate all clusters to a single central region
• D Each region requires independent kubeconfig files and separate deployment stages with region-specific parameters ✓ Correct

Which of the following best describes the purpose of a deployment pipeline stage in OCI DevOps?

• A A versioning mechanism for tracking changes to infrastructure-as-code templates
• B A temporary container that runs build scripts and produces artifacts for testing purposes only
• C A logical grouping of deployment steps that execute sequentially or in parallel with defined approval gates and rollback policies ✓ Correct
• D An automated notification system that alerts on deployment success or failure

You need to implement canary deployments for a microservice using OCI DevOps. What is the recommended approach to gradually shift traffic from the old version to the new version?

• A Use deployment pipelines with multiple stages, traffic shifting policies, and integration with OCI Load Balancing or service mesh for gradual traffic migration ✓ Correct
• B Deploy all versions simultaneously and use application-level feature flags to control visibility
• C Create a new OKE cluster for each canary version and perform DNS failover
• D Deploy the new version to a separate compartment and manually adjust load balancer weights

When using OCI DevOps build pipelines, what is the function of the build_spec.yaml file?

• A It contains approval policies and notifications for pipeline execution
• B It configures the deployment targets and rollback strategies
• C It specifies infrastructure requirements and network policies for the build environment
• D It defines build steps, artifacts to produce, and environment variables for the build execution ✓ Correct

Your organization requires that all container images built through OCI DevOps pipelines must be scanned for vulnerabilities before deployment. How should you enforce this requirement?

• A Configure a post-build stage with automated vulnerability scanning and create a deployment approval gate that blocks deployment if critical vulnerabilities are found ✓ Correct
• B Manually scan images using the OCI Container Registry vulnerability scanner after each build
• C Deploy images to a staging environment first, then manually inspect before moving to production
• D Use image signing to prevent unauthorized images; vulnerability scanning is optional

What is the primary benefit of using OCI DevOps Artifacts compared to storing build outputs directly in Object Storage?

• A Artifacts support only Docker images, while Object Storage supports all file types
• B Artifacts include built-in versioning, metadata management, and integration with deployment pipelines for easier artifact promotion and tracking ✓ Correct
• C Artifacts provide faster network throughput for large files
• D Artifacts are automatically compressed to reduce storage costs by 90%

You are designing a CI/CD pipeline where a code change must trigger automated testing before proceeding to staging deployment. Which OCI DevOps component should you use to implement this automated workflow?

• A Manually invoke the build pipeline through the Console each time a change is made
• B Use OCI Functions to poll the repository for changes and manually execute tests
• C Set up a scheduled task that runs tests every hour regardless of code changes
• D Use OCI Events to trigger a build pipeline when code is committed, configure the build pipeline to run tests and produce test reports ✓ Correct

In a blue-green deployment strategy using OCI DevOps, what happens during the cutover phase?

• A Both blue and green environments run simultaneously with load balancing between them indefinitely
• B Users are gradually migrated from blue to green over several days using traffic shifting
• C All traffic is immediately switched from the blue environment to the green environment, with automatic rollback if the green environment fails health checks ✓ Correct
• D The blue environment is destroyed and a new green environment is created from scratch

When configuring a deployment pipeline to deploy to both OKE and Compute instances, what is the primary challenge you must address?

• A Each deployment target type requires different deployment plugins, configurations, and credential management; stages must be configured with target-specific parameters ✓ Correct
• B OCI DevOps does not support mixed deployment targets; separate pipelines must be created for each compute type
• C Deployment to OKE automatically includes Compute instance deployment with no additional configuration required
• D Compute instances cannot be accessed by DevOps pipelines without manual network configuration

You need to implement automated rollback for a failed deployment in OCI DevOps. Which approach is recommended?

• A Manually monitor deployment status and execute rollback scripts when failures are detected
• B Use DNS failover to automatically switch traffic to previous versions without touching deployed resources
• C Configure deployment failure policies that trigger automatic rollback, or use deployment stages with built-in rollback procedures and health check validations ✓ Correct
• D Store previous versions in Object Storage and manually retrieve them when rollback is needed