Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Oracle Exam 1Z0-1109-23 Topic 1 Question 14 Discussion

Actual exam question for Oracle's 1Z0-1109-23 exam
Question #: 14
Topic #: 1
[All 1Z0-1109-23 Questions]

You are a DevOps project administrator. You are creating Oracle Cloud Infrastruc-ture (OCI) Identity and Access Management (IAM) policies that will be used in a DevOps CI/CD pipeline for deployment to an Oracle Container Engine for Kubernetes (OKE) environment. Which OCI IAM policy can be used?

Show Suggested Answer Hide Answer
Suggested Answer: D

To create an OCI IAM policy that will be used in a DevOps CI/CD pipeline for deployment to an OKE environment, you need to use a dynamic group and grant it the permission to manage all-resources in the target compartment. A dynamic group is a group of OCI resources that match a set of rules defined by the administrator. You can use a dynamic group to assign IAM policies to resources such as build pipelines and deployment pipelines. By granting the dynamic group the permission to manage all-resources, you allow it to perform any action on any resource type in the compartment, including OKE clusters, node pools, and Kubernetes resources. Verified Reference: [Dynamic Groups - Oracle Cloud Infrastructure Identity and Access Management], [Creating Dynamic Groups - Oracle Cloud Infrastructure Identity and Access Management]


Contribute your Thoughts:

Launa
6 months ago
It seems like there are valid arguments for each option, but we should consider the principle of least privilege in choosing the IAM policy.
upvoted 0 times
...
Elza
6 months ago
I see the point for all options mentioned, but I think option D might be too broad in allowing the deployment pipeline to manage all-resources.
upvoted 0 times
...
Alethea
6 months ago
I think option B could work too, as it allows the build pipeline group to manage all-resources in the compartment.
upvoted 0 times
...
Ivan
6 months ago
I'm not sure, but option C with the dynamic-group for code repository also seems like a valid choice.
upvoted 0 times
...
Dallas
6 months ago
I agree with Enola, option A seems like the most specific and secure choice for the IAM policy.
upvoted 0 times
...
Enola
7 months ago
I think option A makes sense, as it specifically allows the deployment pipeline group to manage the devops-family resources.
upvoted 0 times
...
Doug
7 months ago
I see now, option C) makes sense for managing devops-family in a secure way.
upvoted 0 times
...
Refugia
7 months ago
That's a good point, using dynamic groups can provide more granular control.
upvoted 0 times
...
Vallie
7 months ago
I think option C) with dynamic-group for code repository is the most secure choice.
upvoted 0 times
...
Refugia
7 months ago
But option A) specifies the exact group for managing devops-family.
upvoted 0 times
...
Doug
7 months ago
I disagree, I believe option B) is more appropriate.
upvoted 0 times
...
Refugia
7 months ago
I think option A) is the best choice.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77