ExamTopics Logo
Mail Us[email protected]
Menu
Oracle Discussions
exam questions

Exam 1z0-997-22 All Questions

View all questions & answers for the 1z0-997-22 exam
Go to Exam

Exam 1z0-997-22 topic 1 question 26 discussion

Actual exam question from Oracle's 1z0-997-22
Question #: 26
Topic #: 1
[All 1z0-997-22 Questions]

You are the security architect for a medium sized e-commerce company that runs all of their applications in Oracle Cloud Infrastructure (OCI). Currently, there are 14 unique applications, each deployed and secured in their own compartment. The Operations team has procured a new monitoring tool that will be deployed throughout the OCI ecosystem. Their requirement is to deploy one management node into each compartment.
Currently, the Operations team Identity and Access Management (IAM) group has the following policy: allow group OpsTeam to READ all-resources in tenancy
Once the new monitoring nodes are deployed, the Operations team may need to stop, start, or reboot them occasionally.
What is the most efficient solution to allow the Operations team to fully manage the monitoring nodes, without allowing them to alter other resources across the tenancy?

  • A. In each of the 14 compartments, create a new policy with the following statement: allow group OpsTeam to manage instance-family in compartment XXX where XXX is the name of the compartment where you are creating the policy.
  • B. Create a new policy in the root compartment with the following policy statement: allow group OpsTeam to manage instance-family in tenancy where ANY (request.operation – ‘UpdateInstance’, request.operation – ‘InstanceAction’)
  • C. Tag all the monitoring nodes with the defined tag AllPolicy:AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to manage instance-family in tenancy where target.resource.tag.AllPolicy.AllowAccess – ‘OpsTeam’
  • D. Tag all the monitoring nodes with the free-form tag AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to manage instance-family in tenancy where target.resource.tag.AllowAccess = ‘OpsTeam’
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by nenoAZ at July 22, 2023, 2:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
p55p
1 year, 6 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
nenoAZ
1 year, 6 months ago
Selected Answer: C
C is the best solution
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago