Oracle Exam 1Z0-1067-23 Topic 7 Question 20 Discussion

Actual exam question for Oracle's 1Z0-1067-23 exam
Question #: 20
Topic #: 7

Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)

Scenario Description: (Hands-On Performance Exam Certification)

Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.

You start by setting up the following compartment hierarchy:

Tenancy (root)
    Common-Infra
        Network
        Security
    Applications
        E-Comm
        SCM
        CRM

You create the following groups:

- Network-Admins
- Security-Admins
- E-Comm-Admins
- SCM-Admins
- CRM-Admins

Write the IAM policies for the following use cases:

Assumptions:

- Assume that all policies will be attached to the root compartment.
- Write one policy per given text box.
- Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets").

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment. [Write one policy per given text box]

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment, but only in Phoenix and London.

Suggested Answer: A

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Solution - Policy Statement:

allow group Network-Admins to manage virtual-network-family in compartment Common-Infra:Network

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment. [Write one policy per given text box]

Solution - Policy Statements:

allow group E-Comm-Admins to manage instance-family in compartment Applications:E-Comm

allow group E-Comm-Admins to use virtual-network-family in compartment Common-Infra:Network

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment, but only in Phoenix and London.

Solution - Policy Statement:

allow group SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
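
The checks a reviewer would run on statements like these before attaching them to the root compartment, as an added example (not part of the original page and not Oracle's policy parser). The regular expression is a simplified grammar that covers only the statement shape used in this scenario, and the sample statements are constructed from the scenario's groups and compartments.

```python
import re
# Compartment tree and groups taken from the scenario on this page.
TREE = {"root": ["Common-Infra", "Applications"],
        "Common-Infra": ["Network", "Security"],
        "Applications": ["E-Comm", "SCM", "CRM"]}
GROUPS = set("Network-Admins Security-Admins E-Comm-Admins SCM-Admins CRM-Admins".split())
VERBS = {"inspect", "read", "use", "manage"}

# Assumption: simplified grammar for this page's statement shape only.
STMT = re.compile(
    r"^allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+compartment\s+(?P<path>\S+)(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE)

def lint(statement):
    """Return a list of findings; an empty list means no problem was found."""
    m = STMT.match(statement.strip())
    if not m:
        return ["statement does not have the expected shape"]
    findings = []
    subject = m["subject"].split()
    if len(subject) != 2 or subject[0].lower() != "group":
        findings.append("subject must be 'group <name>'")
    elif subject[1] not in GROUPS:
        findings.append(f"unknown group {subject[1]}")
    if m["verb"].lower() not in VERBS:
        findings.append(f"unknown verb {m['verb']}")
    # The policy is attached to root, so the path is walked from root down.
    parent = "root"
    for part in m["path"].split(":"):
        if part not in TREE.get(parent, []):
            findings.append(f"compartment {part} is not a child of {parent}")
            break
        parent = part
    return findings

def regions(statement):
    """Region keys in request.region conditions (empty list = no limit)."""
    return re.findall(r"request\.region\s*=\s*'([a-z]{3})'", statement)

# Constructed sample statements; the last one omits 'group' and the parent.
SAMPLES = [
    "allow group Network-Admins to manage virtual-network-family in compartment Common-Infra:Network",
    "allow group SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}",
    "allow Network-Admins to manage virtual-network-family in compartment Network",
]

for s in SAMPLES:
    print(lint(s) or "ok", regions(s), "<-", s)
```

The third sample fails on two counts: the subject lacks the `group` keyword, and a policy attached to the root compartment has to name the target by its full path (`Common-Infra:Network`), not by the leaf name alone.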


Contribute your Thoughts:

Arlie
4 months ago
I hope there's no trick questions hidden in here. IAM can be a real policy minefield.
upvoted 0 times
Wayne
3 months ago
Just make sure to double-check your policies before applying them to avoid any issues.
upvoted 0 times
...
Freida
4 months ago
Yeah, IAM policies can get tricky, but as long as you follow the instructions, you should be good.
upvoted 0 times
...
Josphine
4 months ago
Don't worry, just take it step by step and you'll be fine.
upvoted 0 times
...
...
Jovita
4 months ago
This is like a treasure hunt for the perfect IAM policies. Let's do this!
upvoted 0 times
Kathrine
3 months ago
Great job! We've set up the IAM policies for our tenancy. Now we're ready to develop on OCI.
upvoted 0 times
...
Ammie
3 months ago
Now, for Task 3, SCM-Admins can provision, destroy, and back up block volumes in the SCM compartment for Phoenix and London only.
upvoted 0 times
...
Buck
4 months ago
For Task 2, E-Comm-Admins can provision and destroy compute instances in the E-Comm compartment using networking resources in the Network compartment.
upvoted 0 times
...
Royal
4 months ago
Let's start with Task 1. Network-Admins need to create and destroy network resources in the Network compartment.
upvoted 0 times
...
...
Dick
5 months ago
Okay, I think I got this. Time to put on my IAM policy writing hat!
upvoted 0 times
...
Susana
5 months ago
Hold up, does the policy have to cover all the resources mentioned or can I tackle them one by one?
upvoted 0 times
Denise
4 months ago
Exactly! It's important to keep the policies simple and focused on the specific tasks at hand.
upvoted 0 times
...
Olga
4 months ago
That makes sense. It's easier to manage and understand the policies that way.
upvoted 0 times
...
Ma
4 months ago
Yes, you can tackle them one by one. Just make sure each policy covers the specific resources mentioned in the task.
upvoted 0 times
...
Rikki
4 months ago
Once you have that policy set up, you can move on to the next task for E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment.
upvoted 0 times
...
Eliseo
4 months ago
That's good to know. I'll start by writing a policy for Network-Admins to create and destroy network-related resources in the Network compartment.
upvoted 0 times
...
Jamal
4 months ago
Yes, you can tackle them one by one. Just make sure each policy covers the specific resources mentioned in the task.
upvoted 0 times
...
...
Catrice
5 months ago
Yes, breaking it down to creating and destroying network-related resources helped me understand better.
upvoted 0 times
...
Lore
5 months ago
I think the key is to focus on the specific actions Network-Admins need to perform.
upvoted 0 times
...
Nguyet
5 months ago
I agree, setting up policies for Network-Admins was tricky.
upvoted 0 times
...
Francoise
5 months ago
Wait, I need to reread this carefully. There's a lot of compartment and group information to process.
upvoted 0 times
Arlen
5 months ago
If you have any questions or need clarification, feel free to ask!
upvoted 0 times
...
Isidra
5 months ago
Don't worry, take your time to understand the compartment hierarchy and group setup.
upvoted 0 times
...
...
Catrice
6 months ago
I found Task 1 quite challenging.
upvoted 0 times
...
