1z0-1067-24 exam free question set: "Oracle Cloud Infrastructure 2024 Cloud Operations Professional" certification
SIMULATION
Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)
Scenario Description: (Hands-On Performance Exam Certification)
Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.
You start by setting up the following compartment hierarchy:
Tenancy (root)
  Common-Infra
    Network
    Security
  Applications
    E-Comm
    SCM
    CRM
You create the following groups:
Network-Admins
Security-Admins
E-Comm-Admins
SCM-Admins
CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets").
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment. [Write one policy per given text box]
Task 3
Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment, but only in Phoenix and London.
Correct answer:
See the solution below with Step by Step Explanation
Explanation:
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Solution - Policy Statement:
allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment. [Write one policy per given text box]
Solution - Policy Statement:
allow E-Comm-Admins to manage instance-family in compartment Applications:E-Comm
allow E-Comm-Admins to use virtual-network-family in compartment Common-Infra:Network
Task 3
Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment, but only in Phoenix and London.
Solution - Policy Statement:
allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
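An added example, not part of the original question set or of Oracle's material: a small Python check that parses the four solution statements above and confirms that every group and compartment path resolves against the scenario's hierarchy, which matters because the policies are attached at the root and must name compartments by their path from there. OCI policy syntax normally writes `group` before the group name; the parser treats that keyword as optional so the statements parse as written on this page, and the names `check`, `resolve` and `PAGE_STATEMENTS` are hypothetical.

```python
import re

# Compartment hierarchy and groups as listed in the scenario (root = tenancy).
HIERARCHY = {"Common-Infra": ["Network", "Security"],
             "Applications": ["E-Comm", "SCM", "CRM"]}
GROUPS = {"Network-Admins", "Security-Admins", "E-Comm-Admins",
          "SCM-Admins", "CRM-Admins"}
VERBS = ("inspect", "read", "use", "manage")  # OCI verbs, weakest to strongest

# Assumption: the `group` keyword is optional so the page's statements parse.
STATEMENT = re.compile(
    r"^allow\s+(?:group\s+)?(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<path>\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$", re.IGNORECASE)

# The four solution statements, copied from the page.
PAGE_STATEMENTS = [
    "allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network",
    "allow E-Comm-Admins to manage instance-family in compartment Applications:E-Comm",
    "allow E-Comm-Admins to use virtual-network-family in compartment Common-Infra:Network",
    "allow SCM-Admins to manage volume-family in compartment Applications:SCM "
    "where any{request.region='phx',request.region='lhr'}",
]

def resolve(path):
    """True if a colon-separated path is reachable from the root compartment."""
    parts = path.split(":")
    if len(parts) == 1:
        return parts[0] in HIERARCHY
    return len(parts) == 2 and parts[1] in HIERARCHY.get(parts[0], [])

def check(statement):
    """Parse one statement; return (fields or None, list of problems)."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return None, ["statement does not parse"]
    f = m.groupdict()
    problems = []
    if f["group"] not in GROUPS:
        problems.append(f"unknown group {f['group']}")
    if f["verb"].lower() not in VERBS:
        problems.append(f"unknown verb {f['verb']}")
    if not resolve(f["path"]):
        problems.append(f"compartment {f['path']} is not a path from the root")
    # Regions named in the condition; an empty list means no region limit.
    f["regions"] = re.findall(r"request\.region\s*=\s*'(\w+)'", f["cond"] or "")
    return f, problems

if __name__ == "__main__":
    for s in PAGE_STATEMENTS:
        print(check(s)[1] or "ok", "|", s)
```

A statement that names the compartment as bare `Network` is reported as not being a path from the root, which is the mistake the `Common-Infra:Network` form in the solution avoids.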
You are asked to investigate a potential security risk on your company Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity. How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? (Choose the best answer.)
Correct answer: C
A developer has created a file system in the Oracle Cloud Infrastructure (OCI) File Storage service. She then launches an Oracle Linux compute instance and mounts the file system successfully on this instance. The next day, she tries writing to the file system from the compute instance using the following command:
touch /mnt/yourmountpoint/helloworld.txt
but receives an error message:
touch: cannot touch '/mnt/yourmountpoint/helloworld.txt': Permission denied
What might be the reason for this error?
Correct answer: C
You have been monitoring your company applications running in Oracle Cloud Infrastructure (OCI) and notice that the application is using OCI Traffic Management service. This service uses a traffic steering policy to distribute the DNS traffic based on subnet addresses in a rule set. Which steering policy is in use in this particular case? (Choose the best answer.)
Correct answer: A