Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)
Scenario Description: (Hands-On Performance Exam Certification)
Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.
You start by setting up the following compartment hierarchy:
Tenancy (root)
Common-Infra
Network
Security
Applications
E-Comm
SCM
CRM
You create the following groups:
Network-Admins
Security-Admins
E-Comm-Admins
SCM-Admins
CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, ''inspect orm-stacks'' instead of ''ORM_STACK_INSPECT'') and aggregate resource types instead of individual ones (for example, ''file-family'' instead of ''file-systems'' and ''mount-targets'')
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]
Task 3
Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment---but only in Phoenix and London.
You are working with Terraform on your laptop and have been tasked with spinning up multiple compute instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also required to collect IP addresses of provisioned instances and write them to a file and save it in your laptop. Which specific Terraform functionality can help accomplish this task? (Choose the best answer.)
You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI spending. Which two are valid targets for creating a budget in OCI? (Choose two.)
You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated to the subnet is:
The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to increase the size of the boot volume. Which step should NOT be included in the process used to solve the issue? (Choose the best answer.)