1z0-1104-23 Free Question Set: "Oracle Cloud Infrastructure 2023 Security Professional"
Challenge 1 - Task 4 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (a password). Because hard-coding credentials is not a security best practice, you decide not to hard-code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, be sure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
Create a Linux Instance with the name [Provide Name Here] within the compartment.
Under placement, select the availability domain AD2.
Select Shape as VM.Standard2.1.
Provide your own public key to SSH into the instance.
Correct answer:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Compute and then click Instances.
From the left navigation pane, under List Scope, select your working compartment from the drop-down menu.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Name: my_pbt_linux
Create in compartment: Select your work compartment name.
Placement: Select AD2.
Image: Oracle Linux 8
Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.
Networking: Pick your PBT_SECRET_VCN01 and Public Subnet.
Public IP address: Assign a Public IPv4 address.
Generate SSH Keys.
Click Generate a key pair for me.
Click Save private key (This will save the private key to your local workstation).
Click Create.
Note: After a couple of minutes, you can see that the instance has been successfully created and the status is Running.
After the instance is provisioned, details about it appear in the instance list. Copy and save the public IP address, which will be required to connect to the instance using SSH.
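The retrieval the scenario describes, as an added example that is not part of the original question bank: a Python program on the instance authenticates as an instance principal and reads the secret from OCI Vault with the OCI Python SDK. The secret OCID is a placeholder (the page does not give one), and the function names are assumptions made for this example.

```python
import base64

# Placeholder: the page does not state the secret's OCID.
SECRET_OCID = "ocid1.vaultsecret.oc1..<placeholder>"


def decode_bundle_content(content_type, content):
    """Turn a secret bundle payload into the plaintext password."""
    if content_type != "BASE64":
        raise ValueError(f"unsupported secret content type: {content_type!r}")
    # validate=True rejects malformed payloads instead of silently
    # discarding non-alphabet characters.
    return base64.b64decode(content, validate=True).decode("utf-8")


def fetch_secret(secret_ocid, stage="CURRENT"):
    """Read a secret using the instance's own identity (no stored API key)."""
    import oci  # OCI Python SDK; imported lazily so the decoder works without it

    # The signer obtains a short-lived token from the instance metadata
    # service, so no user credentials or config file live on the host.
    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    client = oci.secrets.SecretsClient(config={}, signer=signer)
    try:
        bundle = client.get_secret_bundle(secret_id=secret_ocid, stage=stage).data
    except oci.exceptions.ServiceError as err:
        if err.status == 404:
            # OCI answers 404 both for a missing secret and for a caller
            # that is not authorized, so check dynamic group membership
            # and the group's policy before suspecting the OCID.
            raise PermissionError(
                "secret not found or instance not authorized "
                "(is the instance in PBT_Dynamic_Group_SP?)"
            ) from err
        raise
    body = bundle.secret_bundle_content
    return decode_bundle_content(body.content_type, body.content)


if __name__ == "__main__":
    password = fetch_secret(SECRET_OCID)
    # Report only the length; never print or log the secret itself.
    print(f"retrieved secret of length {len(password)}")
```

Run it on the compute instance itself; from a workstation the instance-principal signer has no metadata service to obtain a token from.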
An HTTP web server hosted on an Oracle Cloud Infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through the internet gateway and a stateful network security group notification for port 80. How will the OCI VCN handle request/response traffic to the compute instance for a web page from the HTTP server with port 80?
Correct answer: A