Oracle Cloud Platform Data Integration 2020 Specialist — Question 59

A programmer is developing a Node.js application which will run in a Linux server on their on-premises data center. This application will access various Oracle
Cloud Infrastructure (OCI) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (IAM)? (Choose the best answer.)

Answer options

• A. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.
• B. Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server.
• C. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.
• D. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

Correct answer: A

Explanation

The correct answer is A because creating a dynamic group that includes the on-premises Linux server allows for secure and automated management of IAM policies based on resource tags. Option B is incorrect as policies need to be associated with users or groups, not directly with servers. Option C, while it involves user authentication, does not leverage the benefits of dynamic groups, and Option D exposes credentials, which is less secure.