You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?
To set up instance principals so an application running on an instance can call OCI public services without user credentials, you need to create a dynamic group with matching rules to specify which instances are allowed to make API calls, create policies granting permissions to the dynamic group to access services, and deploy the application and SDK to all instances in the dynamic group. Generating Auth Tokens is not necessary for this setup as those are typically used for third-party applications or scenarios where dynamic groups and instance authentication are not possible.
You have been asked to create an Identity and Access Management (IAM) user that will authenticate to Oracle Cloud Infrastructure (OCI) API endpoints. This user must not be given credentials that would allow them to log into the OCI console.
Which two authentication options can you use? (Choose two.)
To authenticate to Oracle Cloud Infrastructure (OCI) API endpoints without accessing the OCI console, you should use an API signing key and an auth token. An API signing key allows programmatic access to API requests, while an auth token is a uniquely generated token used for API authentication purposes. Both methods bypass the need for console login credentials, making them suitable for this requirement.
You work for a health insurance company that stores a large number of patient health records in an Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".
Each record needs to be securely stored for a period of 5 years for regulatory compliance purposes and cannot be modified, overwritten or deleted during this time period.
What can you do to meet this requirement?
To meet the requirement of securely storing patient health records for a period of five years without modification, overwriting, or deletion, you should create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five years and enable Retention Rule Lock on this bucket. This ensures that the records cannot be altered or deleted during the specified retention period, complying with regulatory requirements.
Which two components cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud Network? (Choose two.)
The two components that cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud Network are the default security list and the default route table. When a VCN is created, it automatically includes a default security list and a default route table. These components are integral to the functioning of the VCN and are therefore not deletable. Other components like the service gateway, routing gateway, and subnet can be managed and deleted as needed based on the user’s configuration requirements.
A financial firm is designing an application architecture for its online trading platform that must have high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure Object Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial data. The stored financial data in the bucket must not be affected even if there is an outage in one of the Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?
To ensure high availability, fault tolerance, and data durability even in the event of an outage in one availability domain or a complete region, the architect should create a replication policy to send data to a different bucket in another Oracle Cloud Infrastructure region. This approach provides continuous data synchronization across regions, protecting against regional failures and ensuring that the data remains accessible and durable without costly service disruptions.