Question 1/23
Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid?
Correct Answer: C
In Oracle Cloud Infrastructure (OCI), Identity and Access Management (IAM) policies are used to control access to resources. The policy in option C is invalid because "any-user" is not a valid principal in OCI IAM policies. OCI policies can only grant permissions to groups or dynamic groups, but not to arbitrary users.
Here's an explanation for each option:
A. Allow dynamic-group 'Default'/'FrontEnd' to manage instance-family in compartment Project-A: This is valid. It grants the dynamic group 'FrontEnd' the ability to manage instances within the Project-A compartment.
B. Allow group 'Default'/'A-Admins' to manage all-resources in compartment Project-A: This is valid. It provides full administrative access to all resources in the Project-A compartment for the 'A-Admins' group.
C. Allow any-user to inspect users in tenancy: This is invalid because OCI does not allow the use of "any-user" in policies. You must specify a valid group or dynamic group to define permissions.
D. Allow group 'Default'/'A-Developers' to create volumes in compartment Project-A: This is valid. It permits the 'A-Developers' group to create volumes in the Project-A compartment.
For reference:
OCI Policy Reference
