Oracle Cloud Infrastructure 2020 Architect Professional — Question 22

A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). This web server will make API calls to access OCI Object Storage to store all images uploaded by users.
For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access to OCI Object Storage are not stored locally on the compute instance.
What solution results in an implementation with the least effort for this scenario? (Choose the best answer.)

Answer options

• A. Configure the credentials using OCI Registry (OCIR) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage.
• B. Configure the credentials using Instance Principal to allow the web server to make API calls to OCI Object Storage.
• C. Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCI Object Storage.
• D. Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCI Object Storage.

Correct answer: C

Explanation

The correct answer is C because OCI Key Management allows for secure management of credentials without storing them on the instance, making it a suitable choice for accessing OCI Object Storage. Options A and B do not directly address the requirement for secure credential management, while option D is unrelated to API access management and focuses on data encryption.