최신 1z0-1067-23 무료덤프 - Oracle Cloud Infrastructure 2023 Cloud Operations Professional
Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy) Scenario Description: (Hands-On Performance Exam Certification) Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.
You start by setting up the following compartment hierarchy:
* Tenancy (root)
* Common-Infra
* Network
* Security
* Applications
* E-Comm
* SCM
* CRM
You create the following groups:
* Network-Admins
* Security-Admins
* E-Comm-Admins
* SCM-Admins
* CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets") Task 1 Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
You start by setting up the following compartment hierarchy:
* Tenancy (root)
* Common-Infra
* Network
* Security
* Applications
* E-Comm
* SCM
* CRM
You create the following groups:
* Network-Admins
* Security-Admins
* E-Comm-Admins
* SCM-Admins
* CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets") Task 1 Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
정답:
See the solution below with Step by Step Explanation.
Explanation
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Solution- Policy Statement:
allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network Task 2 Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Solution- Policy Statement:
* allow E-Comm-Admins to manage instance-familyincompartment Applications:E-Comm allow E-Comm-Admins tousevirtual-network-familyincompartment Common-Infra:Network Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
Solution- Policy Statement:
allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
Explanation
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Solution- Policy Statement:
allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network Task 2 Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Solution- Policy Statement:
* allow E-Comm-Admins to manage instance-familyincompartment Applications:E-Comm allow E-Comm-Admins tousevirtual-network-familyincompartment Common-Infra:Network Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
Solution- Policy Statement:
allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated to the subnet is:
정답: D
Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud Infrastructure (OCI)? (Choose two.)
정답: A,C
You have recently been asked to take over management of your company infrastructure provisioning efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle Cloud Infrastructure (OCI).
For the past few days the development environments have been failing to provision. Terraform re-turns the following error:
You locate the related code block in the Terraform config and find the following:
Which correction should you make to solve this issue? (Choose the best answer.)
For the past few days the development environments have been failing to provision. Terraform re-turns the following error:
You locate the related code block in the Terraform config and find the following:
Which correction should you make to solve this issue? (Choose the best answer.)
정답: C
You have created several block volumes in the us-phoenix-1 region in a specific compart-ment. The compartment can be identified by the following Oracle Cloud Infrastructure (OCI) unique identifier, or ocid1.compartment.oc1.phx..exampleuniquelD Your manager has asked you to leverage the OCI monitoring service and write a metric query showing all read IOPS at a one-minute interval, filtered to this compartment and aggregated for the maximum. Which metric query will you create?
정답: D
You are an admin of an OCI tenancy. To save cost, you want to restrict the amount of OCPUs that can be provisioned in each compartment. Which will allow this?
정답: A
You have been asked to update the lifecycle policy for object storage using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI). Which command can successful-ly update the policy? (Choose the best answer.)
정답: A
Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Inter-face (CLI) are TRUE? (Choose two.)
정답: A,B
Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.
What does Oracle allow as part of this testing? (Choose the best answer.)
What does Oracle allow as part of this testing? (Choose the best answer.)
정답: C