Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Oracle Cloud Infrastructure Certification 1z0-1104-23 Full Course Free

Previous
Page: 4 / 6
Next
Question 16

Challenge 1 - Task 2 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured:

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task:

In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.

Options:

Question 17

Which are the three prerequisites for successfully configuring a Bastion managed SSH ses-sion to a compute instance in a private subnet? (Choose three.)

Options:

A.

The compute instance must have the Bastion cloud agent enabled.

B.

The private subnet must have a service or NAT gateway.

C.

The private subret must not have any gateway in it

D.

The SSH port forwarding feature needs to be enabled

E.

The compute instance must have the Bastion cloud agent disabled

F.

The route table associated with the subnet needs to have a route rule to a service or NAT gateway.

Question 18

which three resources are required to encrypt a block volume with the customer managed key?

Options:

A.

MAXIMUM SECURITY ZONE

B.

SYMMETRIC MASTER KEY ENCRYPTlON KEY

C.

BLOCK KEY

D.

OCI VAIRT

E.

IAM Policy Allowing Block Storage to Use Keys

F.

Secrets

Question 19

Which two services can leverage Vault symmetric encryption keys for data-at-rest? (Choose two.) OR Which OCI services can encrypt all data-at-rest? (Choose two.)

Options:

A.

Load Balancer

B.

Object Storage

C.

Block Volume

D.

WAF

E.

API Gateway

F.

CDN

Previous
Page: 4 / 6
Next
1z0-1104-23 Exam Questions Tutorials, Free 1z0-1104-23 Oracle Updates, Oracle Cloud Infrastructure Certification 1z0-1104-23 Full Course Free, Ace Your 1z0-1104-23 Oracle Cloud Infrastructure Certification Exam, 1z0-1104-23 Reviews Questions,
Exam Code: 1z0-1104-23
Exam Name: Oracle Cloud Infrastructure 2023 Security Professional
Last Update: Nov 21, 2024
Questions: 167
1z0-1104-23 pdf

1z0-1104-23 PDF

$28  $80
 Add to Cart
1z0-1104-23 Engine

1z0-1104-23 Testing Engine

$33.25  $95
 Add to Cart
1z0-1104-23 PDF + Engine

1z0-1104-23 PDF + Testing Engine

$45.5  $130
 Add to Cart