Questions for the 1Z0-1109-25 were updated on : Dec 01 ,2025
A DevOps team is deploying a new version of their application to their production environment using
the Canary deployment strategy in the OCI DevOps service. They want to ensure that the production
environment is not affected by any potential issues caused by the new version.
Which statement is true in regards to the Canary deployment strategy?
C
Explanation:
In a Canary deployment strategy, a new version of an application is rolled out to a small subset of the
production environment (the canary) first, while the majority of the production environment still
runs the current stable version. This approach helps to detect potential issues before the new version
is fully deployed.
The Invoke Function stage can be used as an optional step in the deployment pipeline to run
additional validation (e.g., automated tests or other checks) on the new version before gradually
shifting more traffic to it or moving to full production deployment.
An operations team wants to leverage the advanced features of Container Engine for Kubernetes
(OKE) and requires granular control over cluster add-ons, workload identity, and improved worker
node management. They also prioritize strong security measures and require a financially-backed
service level agreement (SLA) for Kubernetes API server uptime.
Which type of cluster should they choose to meet their requirements?
A
Explanation:
Enhanced clusters in Oracle Container Engine for Kubernetes (OKE) provide advanced features such
as granular control over cluster add-ons, workload identity, and improved worker node
management. They also offer strong security measures and come with a financially-backed service
level agreement (SLA) for Kubernetes API server uptime, ensuring higher reliability and support for
production workloads.
How can you run applications on GPU worker nodes in clusters created using Container Engine for
Kubernetes (OKE)?
C
Explanation:
To run applications on GPU worker nodes in Oracle Kubernetes Engine (OKE), you need to:
Select a managed node pool and choose a GPU shape for the worker nodes.
Use a GPU image that has the necessary CUDA libraries pre-installed to ensure that GPU workloads
can be executed properly.
In the pod specification, specify the number of GPU resources required for the container to utilize the
GPU hardware during execution. This allows Kubernetes to schedule the pod on a node with an
available GPU.
You’re using Oracle Cloud Infrastructure (OCI) DevOps to deploy your application on an Oracle
Container Engine for Kubernetes (OKE) environment. You push your code to the OCI Code Repository,
add all the required stage and configure the build and deployment pipeline. When you run the build,
you see "unable to clone the repository" error.
What could the configuration error be?
B
Explanation:
The error "unable to clone the repository" typically indicates that there is an authentication or
authorization issue preventing access to the OCI Code Repository. In OCI DevOps, the build pipeline
must have the appropriate permissions to access the code repository.
To allow the build pipeline to clone the repository, you need to set up Dynamic Groups and OCI IAM
policies that provide the necessary permissions for the build runner to access the code repository.
A small company is moving to a DevOps framework to better accommodate their intermittent
workloads, which are dynamic and irregular. They want to adopt a consumption-based pricing
model.
Which Oracle Cloud Infrastructure service can be used as a target deployment environment?
D
Explanation:
Oracle Cloud Infrastructure Functions is a serverless compute service that supports a consumption-
based pricing model. This means that you are only charged for the compute resources when your
function is invoked. This is ideal for intermittent, dynamic, and irregular workloads since the
company does not need to provision infrastructure in advance, and costs are directly tied to usage.
You’re using Oracle Cloud Infrastructure (OCI) DevOps to automate your application deployment for
frequent releases. In one of your automation steps, you’ll create a deployment pipeline.
What does this deployment pipeline do in OCI DevOps?
B
Explanation:
A deployment pipeline in OCI DevOps is used to automate the deployment of application artifacts to
a target environment. It is a sequence of stages that includes steps such as approvals, traffic shifts,
manual interventions, and the actual deployment of the artifacts to environments like Kubernetes
clusters or compute instances.
As a DevOps engineer working on an OCI project, you’re setting up a deployment pipeline to
automate your application deployments.
Which statement is false about deployment pipeline in OCI DevOps?
A
Explanation:
Helm charts are used to manage Kubernetes deployments, not OCI Functions. Helm charts are
deployed to Kubernetes clusters, such as OCI Container Engine for Kubernetes (OKE), to manage
containerized applications. OCI Functions are serverless and do not use Helm charts for deployment.
Which of the following is NOT considered a DevOps resource in the context of the OCI DevOps
project service?
B
Explanation:
In the context of OCI DevOps project service, the key DevOps resources include:
Environments: These are used to represent deployment targets, such as Kubernetes clusters,
compute instances, or functions.
Build pipelines: These automate the building, testing, and packaging of software.
Code repositories: These store source code for the application being built, providing version control
and collaboration.
API integrations are not directly considered a DevOps resource in OCI DevOps projects. Instead, they
facilitate communication and integration with other tools or services but do not represent a core
component of DevOps projects like environments, build pipelines, or code repositories.
You’re using Oracle Cloud Infrastructure (OCI) DevOps service to automate your software releases to
release features more frequently and with fewer errors. While deploying an update to production,
one of your deployment stages failed.
What action should you perform in your Deployment Pipeline?
D
Explanation:
When a deployment stage fails in a OCI DevOps Deployment Pipeline, the recommended approach is
to roll back to the previous successful version to ensure that the production environment remains in
a stable state. This approach minimizes disruption and ensures that your system continues to
function properly while the issue with the failed deployment is investigated and fixed.
You have been asked to provision a new production environment on Oracle Cloud Infrastructure
(OCI). After working with the solution architect, you decide that you are going to automate this
process.
Which OCI service can help automate the provisioning of this new environment?
D
Explanation:
OCI Resource Manager is an infrastructure as code (IaC) service that allows you to automate the
provisioning of resources on Oracle Cloud Infrastructure (OCI) using Terraform. It is ideal for
automating the setup of environments, as it can manage the full lifecycle of your infrastructure in a
consistent, repeatable, and version-controlled manner.
You host your application on a stack in Oracle Cloud Infrastructure (OCI) Resource Manager. Because
of recent growth in your user base, you decide to add a CIDR block to your VCN, add a subnet, and
provision a compute instance in it.
Which statement is true?
D
Explanation:
Oracle Cloud Infrastructure (OCI) Resource Manager uses Terraform to manage infrastructure
resources. If you need to add new resources (e.g., a new CIDR block, subnet, and compute instance),
you can simply make the necessary changes to the Terraform code defining the stack.
After modifying the Terraform configuration to include the new resources, you can run an Apply job
in Resource Manager. The Apply job will provision the new resources in your OCI environment
according to the updated Terraform code.
Which two are prerequisites for creating a secret in Oracle Cloud Infrastructure Vault service?
(Choose two.)
B, C
Explanation:
You need the required permissions (such as policies allowing secret management) to create and
manage secrets in Oracle Cloud Infrastructure (OCI) Vault service. These permissions are essential for
performing operations such as creating, reading, and managing secrets.
Vault managed key is required to encrypt the secret before it is stored in the OCI Vault. The managed
key acts as the encryption key for securing the secret, ensuring its confidentiality.
Which statement is false about OCI Resource Manager (RM)?
A
Explanation:
Resources provisioned through OCI Resource Manager (RM) can still be modified or destroyed from
outside of RM, such as using the OCI Console, CLI, or other APIs. RM manages the lifecycle of
resources created by its Terraform configurations, but it does not prevent other tools or methods
from modifying or deleting those resources.
Which OCI DevOps project resource is responsible for defining the stages for compiling, testing, and
running software applications before deployment?
B
Explanation:
Build pipelines in OCI DevOps are responsible for defining the stages involved in compiling, testing,
and running software applications. These pipelines automate the process of building the code,
running unit tests, scanning for vulnerabilities, and packaging the software, all of which occur before
deploying the application.
While adding variables to your build_spec.yaml file, you made a mistake that resulted in a failed
build pipeline.
What is the error you could have made?
A
Explanation:
In build_spec.yaml for OCI DevOps, variables must be correctly defined and used according to the
specification. If you defined parameters using ${VARIABLE_NAME} and then attempted to assign
their values through the Parameters tab in the build pipeline, you may have introduced an error. The
syntax and usage of parameters must be properly defined in both the build_spec.yaml and the build
pipeline interface.