Oracle Exam 1Z0-1067-23 Topic 5 Question 22 Discussion

Actual exam question for Oracle's 1Z0-1067-23 exam
Question #: 22
Topic #: 5

Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)

Scenario Description: (Hands-On Performance Exam Certification)

Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.

You start by setting up the following compartment hierarchy:

- Tenancy (root)
  - Common-Infra
    - Network
    - Security
  - Applications
    - E-Comm
    - SCM
    - CRM

You create the following groups:

- Network-Admins
- Security-Admins
- E-Comm-Admins
- SCM-Admins
- CRM-Admins

Write the IAM policies for the following use cases:

Assumptions:

Assume that all policies will be attached to the root compartment.

Write one policy per given text box.

Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets").

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment. [Write one policy per given text box]

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment, but only in Phoenix and London.

Suggested Answer: A

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Solution - Policy Statement:

allow group Network-Admins to manage virtual-network-family in compartment Common-Infra:Network

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment. [Write one policy per given text box]

Solution - Policy Statements:

allow group E-Comm-Admins to manage instance-family in compartment Applications:E-Comm

allow group E-Comm-Admins to use virtual-network-family in compartment Common-Infra:Network

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment, but only in Phoenix and London.

Solution - Policy Statement:

allow group SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
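
To see what the three answers grant and what they leave denied, the Python sketch below models them with a simplified evaluator. It is an added example, not part of the original page and not OCI's policy engine. The statements are written with the `group` subject keyword of OCI policy syntax; the `FAMILIES` members are a partial subset, and the function names and sample requests are constructed for illustration.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # each verb includes those before it
FAMILIES = {  # partial membership of each aggregate type, enough for the three tasks
    "virtual-network-family": {"vcns", "subnets", "internet-gateways"},
    "instance-family": {"instances", "instance-images"},
    "volume-family": {"volumes", "volume-backups"},
}
STMT = re.compile(
    r"allow group (?P<group>\S+) to (?P<verb>\w+) (?P<rtype>\S+) "
    r"in compartment (?P<comp>\S+)(?: where any\s*\{(?P<cond>[^}]*)\})?$", re.I)

# The suggested answers, with the "group" subject keyword (assumption, see lead-in).
POLICIES = [
    "allow group Network-Admins to manage virtual-network-family "
    "in compartment Common-Infra:Network",
    "allow group E-Comm-Admins to manage instance-family "
    "in compartment Applications:E-Comm",
    "allow group E-Comm-Admins to use virtual-network-family "
    "in compartment Common-Infra:Network",
    "allow group SCM-Admins to manage volume-family in compartment "
    "Applications:SCM where any{request.region='phx',request.region='lhr'}",
]

def parse(stmt):
    """Split one statement into group, verb, resource type, compartment, regions."""
    m = STMT.match(stmt.strip())
    if not m:
        raise ValueError(f"unsupported statement: {stmt!r}")
    p = m.groupdict()
    p["verb"] = p["verb"].lower()
    p["regions"] = set(re.findall(r"request\.region\s*=\s*'(\w+)'", p.pop("cond") or ""))
    return p

def allowed(group, verb, rtype, compartment, region, policies=POLICIES):
    """True if any statement grants the request; no match means deny."""
    for p in map(parse, policies):
        covers = rtype == p["rtype"] or rtype in FAMILIES.get(p["rtype"], ())
        # A grant on a compartment also applies to its child compartments.
        inside = (compartment + ":").startswith(p["comp"] + ":")
        enough = VERBS.index(verb) <= VERBS.index(p["verb"])
        in_region = not p["regions"] or region in p["regions"]
        if group == p["group"] and covers and inside and enough and in_region:
            return True
    return False
```

For example, `allowed("E-Comm-Admins", "manage", "subnets", "Common-Infra:Network", "iad")` is denied because Task 2 grants only `use` on networking, and `allowed("SCM-Admins", "manage", "volumes", "Applications:SCM", "fra")` is denied by the region condition.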


Contribute your Thoughts:

Cherry
4 months ago
The assumptions and instructions are pretty clear. I think I can knock this out without too much trouble.
upvoted 0 times
Kenda
3 months ago
Great idea. Let's make sure we grant the necessary permissions for each group according to the tasks provided.
upvoted 0 times
...
Lawrence
4 months ago
I agree, the instructions are straightforward. Let's start with Task 1 and write the policy for Network-Admins.
upvoted 0 times
...
...
Bettina
4 months ago
I think SCM-Admins should only be able to do that in Phoenix and London. It's important to restrict access based on location to maintain security.
upvoted 0 times
...
Dorcas
5 months ago
The compartment hierarchy and group structure are well-defined, which should make it easier to write the policies. I'll focus on using the correct verbs and aggregating the resource types as suggested.
upvoted 0 times
Cortney
4 months ago
SCM-Admins are allowed to provision, destroy, and back up block volumes in the SCM compartment specifically in Phoenix and London.
upvoted 0 times
...
Rosina
4 months ago
E-Comm-Admins can provision and destroy compute instances in the E-Comm compartment using networking resources in the Network compartment.
upvoted 0 times
...
Huey
4 months ago
Network-Admins should be able to create and destroy network-related resources in the Network compartment.
upvoted 0 times
...
...
Trina
5 months ago
That makes sense, Adolph. Task 3 was a bit confusing for me. Any thoughts on how SCM-Admins can provision, destroy, and back up block volumes in specific locations?
upvoted 0 times
...
Adolph
5 months ago
I think for Task 2, E-Comm-Admins should be able to provision and destroy compute instances in the E-Comm compartment using networking resources in the Network compartment.
upvoted 0 times
...
Chantell
5 months ago
This question seems straightforward, but I want to make sure I understand the requirements clearly before attempting to write the policies.
upvoted 0 times
Carey
4 months ago
Yes, we should write a policy statement specifically for that use case to ensure they have the necessary permissions.
upvoted 0 times
...
Monte
4 months ago
I think we need to give Network-Admins the ability to create and destroy network-related resources in the Network compartment.
upvoted 0 times
...
...
Bettina
5 months ago
I agree, Task 1 was tricky. I think we need to allow Network-Admins to create and destroy network-related resources in the Network compartment.
upvoted 0 times
...
Trina
5 months ago
I found Task 1 quite challenging. What about you, Bob?
upvoted 0 times
...
