Examice

Exam 1z0-1072-23 All QuestionsBrowse all questions from this exam

Question 21

You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins.

Each admin group has full access over their respective compartments as shown in the graphic below.

Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.

You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups.

Which policy would you write to accomplish this task?

Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'

Allow dynamic-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'

Allow any-user to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'

Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'

Correct Answer: D

In Oracle Cloud Infrastructure (OCI), there is no recognized entity called 'all-group,' hence options involving it are invalid. To meet the requirement of giving admin access to multiple groups tagged as 'Admin,' you should use 'any-group,' which is valid OCI policy syntax. This syntax ensures that any group tagged as 'Admin' gets administrative rights over the 'Test' compartment.

Discussion

kaka321Option: D

A is wrong. D is correct. following the policy syntax. note all-group does not exist but any-group

iggyboo

Unless I'm missing something, there is no "all-group" in the syntax reference (as poor as Oracle has it though I might have missed it). There are however all-resources/all-<resource> style selectors that can be found. This is concerning though because this isn't the first time that an "Actual" test question had the wrong answer so I suspect there are landmines all over the certification test OR the writers of said test are just as confused because the documentation is all over the place.

gsakeOption: C

https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingaccesswithtags.htm#ariaid-title3#ariaid-title4#ariaid-title32

Hotman1987Option: C

There is NOTHING called all-group. Search the Oracle Training Guide and check for yourself C is the correct answer (any-user)

alejodazamOption: C

is in the documentation: https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingaccesswithtags.htm#ariaid-title3#ariaid-title4#ariaid-title32

gashforingOption: D

D is correct answer

antoniosilvanoOption: C

I think the correct response is "C". Here the documentation: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policysyntax.htm Use any-user with specific role ADMIN

SherifciOption: C

C is the correct answer

a31c737Option: C

c. Allow any-user who belongs to a group that has been tagged - admin'

a31c737Option: D

D. There is no all-group syntax in oci

MopoOption: B

This policy grants permissions to a dynamic group named "dynamic-group" to manage all resources (all-resources) within the "Test" compartment. The condition "where request.principal.group.tag.EmployeeGroup.Role='Admin'" ensures that only members of the admin groups with the role tag 'Admin' are granted access to manage resources within the Test compartment. Using a dynamic group allows for flexibility as members can be added or removed dynamically based on the group's rules.

AnkojiOption: C

The answer is "C" refer#https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingaccesswithtags.htm