Questions and Answers

Questions

  1. You have created a new compartment called Production to host some production apps. You have also created users in your tenancy and added them to a Group called "production_group". Your users are still unable to access the Production compartment. How can you resolve this situation?

    a. Every compartment you create comes with a predefined set of policies, so no further action is needed.

    b. Your users get automatic access to all compartments, so no further action is needed.

    c. Write an IAM Policy for "production_group" granting it access to the production compartment.

    d. Write an IAM Policy for each specific user granting them access to the production compartment.


  2. You have the following compartment structure in your tenancy: Root compartment->Training->Training-sub1->Training-sub2. You create a policy in the root compartment to allow the default admin for the account (Administrators) to manage block volumes in compartment Training-sub2. What policy would you write to meet this requirement?

    a. Allow group Administrators to manage volume-family in compartment Training-sub1:Training-sub2

    b. Allow group Administrators to manage volume-family in compartment Training:Training-sub1:Training-sub2

    c. Allow group Administrators to manage volume-family in compartment Training-sub2

    d. Allow group Administrators to manage volume-family in root compartment


  3. You have been notified of an application failure indicating that one or more of the Oracle Cloud Infrastructure (OCI) resources have become unavailable. After scanning the Compute and Database consoles, you noticed that one of the DB systems is missing. What would you do to identify the reason for this missing resource?

    a. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any resource that was deleted in the past 24 hours.

    b. Create a serial console connection to the DB system that does not appear in the management console. Connect to the serial connection, and then review the system logs under /log/messages.

    c. View the service limits associated with your account to ensure that you have not exceeded the allowable number of DB systems in your tenancy.

    d. Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of every event that occurred in the past 24 hours.


  4. Which of the following is NOT a valid IAM policy statement?

    a. Allow group StorageAdmins to manage file-family in compartment CorpStorage

    b. Allow group PHX-Admins to manage all-resources in tenancy where request.region='phx'

    c. Allow user TenancyAdmin to manage all resources in tenancy

    d. Allow dynamic-group AppServers to manage object-family in compartment App_Prod where target.bucket.name!='/confidential-*/'


  5. Your company has been running several small applications in Oracle Cloud Infrastructure and is planning a proof of concept (POC) to deploy PeopleSoft. If your existing resources are being maintained in the root compartment, what is the recommended approach for defining security for the upcoming POC?

    a. Provision all new resources into the root compartment. Grant permissions that only allow for the creation and management of resources specific to the POC.

    b. Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment.

    c. Create a new tenancy for the POC. Provision all new resources into the root compartment. Grant appropriate permissions to create and manage resources within the root compartment.

    d. Provision all new resources into the root compartment. Use defined tags to separate resources that belong to different applications.


  6. Which three components can you configure in Oracle Cloud Infrastructure Identity and Access Management?

    a. Groups

    b. Users

    c. VCNs

    d. Instances

    e. Policies


  7. You have an instance running in a development compartment that needs to make API calls against other OCI services, but you do not want to configure user credentials or store configuration files on the instance. How can you meet the requirement?

    a. Instances can automatically make calls to other services

    b. Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group

    c. Create a dynamic group with matching rules to include your instance.

    d. Instances are secure and cannot make calls to other OCI services


















Answers:

1. c. Write an IAM Policy for "production_group" granting it access to the production compartment.

2. b. Allow group Administrators to manage volume-family in compartment Training:Training-sub1:Training-sub2

3. a. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any resource that was deleted in the past 24 hours.

4. c. Allow user TenancyAdmin to manage all resources in tenancy

5. b. Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment.

6. a. Groups, b. Users, e. Policies

7. b. Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group


