Your company will soon start moving critical systems into the Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration plan, you review the company's existing security policies and written guidelines for the OCI platform usage within the company. Your security processes for critical systems require that all data be encrypted at rest using Customer-Managed Keys. Which TWO options ensure compliance with this policy? (Choose two.)
You are the security architect for a medium-sized e-commerce company that runs all of its applications in Oracle Cloud Infrastructure (OCI). Currently, there are 14 unique applications, each deployed and secured in its own compartment. The Operations team has procured a new monitoring tool that will be deployed throughout the OCI ecosystem. Their requirement is to deploy one management node into each compartment. Currently, the Operations team Identity and Access Management (IAM) group has the following policy: allow group OpsTeam to READ all-resources in tenancy. Once the new monitoring nodes are deployed, the Operations team may need to stop, start, or reboot them occasionally. What is the most efficient solution to allow the Operations team to fully manage the monitoring nodes, without allowing them to alter other resources across the tenancy?
You have 10 Oracle Linux Compute instances within the ociarchpro compartment running in Oracle Cloud Infrastructure (OCI). The instances are placed in a private subnet inside a Virtual Cloud Network (VCN). You plan to leverage the Oracle Vulnerability Scanning service to gain visibility into potential vulnerabilities. Your goal is to improve the overall security posture. You create a Scan recipe with the following settings: Type: Compute; Name: ociproscanrecipe; CIS benchmark scanning: Enabled; CIS benchmark profile: Medium (More than 40% of the benchmarks failing is a high risk); Schedule: Daily. You create a target with the following settings: Type: Compute; Compartment: ociarchpro; Scan recipe: ociproscanrecipe; Targets: All compute instances in the selected target compartment and its sub-compartments. However, you are not able to see the result of host scans for the compute target. For the given scenario, which is NOT a valid troubleshooting task?
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization: The development team has deployed quite a few instances under the 'Compute' compartment, and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations, are part of a group called 'Eng-group'. You have been looking for an option to allow the operations team to list the instances without accessing any confidential information or metadata of the resources. Which IAM policy should you write based on these requirements?
Given this compartment structure: You are managing a compute instance that currently resides in the Compute compartment. The Virtual Cloud Network (VCN) into which the compute instance was originally deployed also resides in this compartment. To support a project-related task, you need to move just the compute instance to the SysTest-Team compartment. You log into your Oracle Cloud Infrastructure (OCI) account and use the Move Resource option to place the compute instance in the new compartment. What will be the result of your attempt to move the compute instance to the new compartment?
You are tasked with building a highly available, fault-tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website. How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization?