New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Oracle Cloud Infrastructure Certification 1z0-1104-23 Full Course Free

Page: 4 / 6
Question 16

Challenge 1 - Task 2 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured:

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task:

In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.

Options:

Question 17

Which are the three prerequisites for successfully configuring a Bastion managed SSH ses-sion to a compute instance in a private subnet? (Choose three.)

Options:

A.

The compute instance must have the Bastion cloud agent enabled.

B.

The private subnet must have a service or NAT gateway.

C.

The private subret must not have any gateway in it

D.

The SSH port forwarding feature needs to be enabled

E.

The compute instance must have the Bastion cloud agent disabled

F.

The route table associated with the subnet needs to have a route rule to a service or NAT gateway.

Question 18

which three resources are required to encrypt a block volume with the customer managed key?

Options:

A.

MAXIMUM SECURITY ZONE

B.

SYMMETRIC MASTER KEY ENCRYPTlON KEY

C.

BLOCK KEY

D.

OCI VAIRT

E.

IAM Policy Allowing Block Storage to Use Keys

F.

Secrets

Question 19

Which two services can leverage Vault symmetric encryption keys for data-at-rest? (Choose two.) OR Which OCI services can encrypt all data-at-rest? (Choose two.)

Options:

A.

Load Balancer

B.

Object Storage

C.

Block Volume

D.

WAF

E.

API Gateway

F.

CDN

Page: 4 / 6
Exam Code: 1z0-1104-23
Exam Name: Oracle Cloud Infrastructure 2023 Security Professional
Last Update: Dec 22, 2024
Questions: 167
1z0-1104-23 pdf

1z0-1104-23 PDF

$25.5  $84.99
1z0-1104-23 Engine

1z0-1104-23 Testing Engine

$28.5  $94.99
1z0-1104-23 PDF + Engine

1z0-1104-23 PDF + Testing Engine

$40.5  $134.99