Exam 1z0-1072-20 topic 1 question 6 discussion

The correct answer is B Create a dynamic group. In the dynamic group definition, you provide the matching rules to specify which instances you want to allow to make API calls against services. Create a policy granting permissions to the dynamic group to access services in your tenancy (or compartment). A developer in your organization configures the application built using the Oracle Cloud Infrastructure SDK to authenticate using the instance principals provider. The developer deploys the application and the SDK to all the instances that belong to the dynamic group. https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm

B is correct. See https://blogs.oracle.com/cloud-infrastructure/announcing-instance-principals-for-identity-and-access-management

The correct answer is B The following steps summarize the process flow for setting up and using instances as principals. The subsequent sections provide more details. * Create a dynamic group. In the dynamic group definition, you provide the matching rules to specify which instances you want to allow to make API calls against services. * Create a policy granting permissions to the dynamic group to access services in your tenancy (or compartment). * A developer in your organization configures the application built using the Oracle Cloud Infrastructure SDK to authenticate using the instance principals provider. The developer deploys the application and the SDK to all the instances that belong to the dynamic group. * The deployed SDK makes calls to Oracle Cloud Infrastructure APIs as allowed by the policy (without needing to configure API credentials). * For each API call made by an instance, the Audit service logs the event, recording the OCID of the instance as the value of the principal Id in the event log.

B is correct.

Auth Tokens are to use, when the usage of dynamic groups and instance authentication in not possible (for example a third-party application).

You all are missing the keyword "NOT" from this question

Steps to Enable Instances to Call Services: FROM: https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm 1 - Create a Dynamic Group and Matching Rules 2 - Write Policies for Dynamic Groups 3 - Configure the SDK, CLI, or Terraform dude

From Oracle documentation: Dynamic groups allow you to group Oracle Cloud Infrastructure instances as principal actors, similar to user groups. You can then create policies to permit instances in these groups to make API calls against Oracle Cloud Infrastructure services. https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm

Sure: "B" is the correct answer! Another WRONG solution !!! (we've reached 5 out of 6 WRONG solutions !!!)

The correct answer is A https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm

the question is "which is not required" So answer may not be B

you do not have to create any 2FA token for instance principles to work.

A is the correct answer: Create a dynamic group. In the dynamic group definition, you provide the matching rules to specify which instances you want to allow to make API calls against services. See process overview: https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm

B is correct