Which is NOT a part of Observability and Management Services?
https://www.oracle.com/in/manageability/
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?
https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf
An automobile company needs to configure Bastion Managed SSH session to a compute
instance in a private subnet. What are the TWO prerequisites to configure successfully?
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py
Open a Python file with a nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace secret id value below with the ocid of your secret secret id = <secret id>
For example: Secret id = ''ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Note: if you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret .py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
On which option do you set Oracle Cloud Infrastructure Budget?
How Budgets Work
Budgets are set oncost-tracking tagsor on compartments (including theroot compartment) to track all spending in that cost-tracking tag or for that compartment and its children.
https://docs.oracle.com/en-us/iaas/Content/Billing/Concepts/budgetsoverview.htm
