Examice

Exam 1z0-997-22 All QuestionsBrowse all questions from this exam

Question 40

A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). These web servers will make API calls to access OCI Object Storage to store all images uploaded by users.

For security purposes, you must ensure that the credentials used by the web server to allow access to OCI Object Storage are not stored in the compute instance.

What solution results in an implementation with the least-effort for this scenario?

Configure the credentials to use Transparent Data Encryption (TDE) to automatically allow the web server to make API calls to the OCI Object Storage.

Configure the credentials using OCI Registry (OCIR) to automatically connect with OKE allowing the web server to make API calls to the OCI Object Storage.

Configure the credentials using OCI Vault to allow an instance to make API calls and grant access to OCI Object Storage.

Configure the credentials using Instance Principals to allow the web server to make API calls to the OCI Object Storage.

Correct Answer: D

To ensure that the credentials used by the web server to access OCI Object Storage are not stored in the compute instance, the best solution is to configure the credentials using Instance Principals. Instance Principals enable applications running on the compute instances to authenticate and make API calls without needing to manage credentials or storing them on the instance. This approach offers a seamless and secure method of accessing OCI services, aligning with the requirement of not storing credentials on the compute instance.

Discussion

daws08322Option: D

Configure the credentials using Instance Principal to allow the web server to make API calls to OCI Object Storage.