Oracle Cloud Infrastructure 2022 Architect Professional — Question 39
A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). These web servers will make API calls to access OCI Object Storage to store all images uploaded by users.
For security purposes, you must ensure that the credentials used by the web server to allow access to OCI Object Storage are not stored in the compute instance.
What solution results in an implementation with the least effort for this scenario?
Answer options
- A. Configure the credentials to use Transparent Data Encryption (TDE) to automatically allow the web server to make API calls to the OCI Object Storage.
- B. Configure the credentials using OCI Registry (OCIR) to automatically connect with OKE allowing the web server to make API calls to the OCI Object Storage.
- C. Configure the credentials using OCI Vault to allow an instance to make API calls and grant access to OCI Object Storage.
- D. Configure the credentials using Instance Principals to allow the web server to make API calls to the OCI Object Storage.
Correct answer: D
Explanation
The correct answer is D because Instance Principals allow applications running on OCI compute instances to access other OCI services without storing credentials on the instance. The other options either do not address the requirement that credentials not be stored on the instance, or involve a more complex setup than Instance Principals.