Oracle Exam 1Z0-1067-23 Topic 5 Question 22 Discussion

Actual exam question for Oracle's 1Z0-1067-23 exam

Question #: 22
Topic #: 5

[All 1Z0-1067-23 Questions]

The general syntax for an IAM policy is: Allow / to in where Which two are valid values for ?

Atenancy

Bavailability-domain aBCD:us-phoenix-1

Ccompartment MyCompartment

Dsecurity-zone MyZone

Eregion us-phoenix-1

Show Suggested Answer

Suggested Answer: A

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Solution- Policy Statement:

allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]

Solution- Policy Statement:

allow E-Comm-Admins to manage instance-family in compartment Applications:E-Commallow E-Comm-Admins to use virtual-network-family in compartment Common-Infra:Network

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment---but only in Phoenix and London.

Solution- Policy Statement:

allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}

by Adell at Jul 18, 2024, 10:55 AM

Limited Time Offer

25%

Off

Get Premium 1Z0-1067-23 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Cherry

10 months ago

The assumptions and instructions are pretty clear. I think I can knock this out without too much trouble.

upvoted 0 times

Kenda

10 months ago

Great idea. Let's make sure we grant the necessary permissions for each group according to the tasks provided.

upvoted 0 times

...

Lawrence

10 months ago

I agree, the instructions are straightforward. Let's start with Task 1 and write the policy for Network-Admins.

upvoted 0 times

...

Bettina

11 months ago

I think SCM-Admins should only be able to do that in Phoenix and London. It's important to restrict access based on location to maintain security.

upvoted 0 times

...

Dorcas

11 months ago

The compartment hierarchy and group structure are well-defined, which should make it easier to write the policies. I'll focus on using the correct verbs and aggregating the resource types as suggested.

upvoted 0 times

Cortney

10 months ago

SCM-Admins are allowed to provision, destroy, and back up block volumes in the SCM compartment specifically in Phoenix and London.

upvoted 0 times

...

Rosina

11 months ago

E-Comm-Admins can provision and destroy compute instances in the E-Comm compartment using networking resources in the Network compartment.

upvoted 0 times

...

Huey

11 months ago

Network-Admins should be able to create and destroy network-related resources in the Network compartment.

upvoted 0 times

...

Trina

11 months ago

That makes sense, Adolph. Task 3 was a bit confusing for me. Any thoughts on how SCM-Admins can provision, destroy, and back up block volumes in specific locations?

upvoted 0 times

...

Adolph

11 months ago

I think for Task 2, E-Comm-Admins should be able to provision and destroy compute instances in the E-Comm compartment using networking resources in the Network compartment.

upvoted 0 times

...