Oracle Cloud Infrastructure 2021 Multicloud Architect Associate — Question 38
You are using Oracle Cloud Infrastructure (OCI) services across several regions: us-phoenix-1, us-ashburn-1, uk-london-1 and ap-tokyo-1. You have created a separate administrator group for each region: PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, respectively.
You want to restrict admin access to a specific region. E.g., PHX-Admins should be able to manage all resources in the us-phoenix-1 region only and not any other OCI regions.
What IAM policy syntax is required to restrict PHX-Admins to manage OCI resources in the us-phoenix-1 region only? (Choose the best answer.)
Answer options
- A. Allow group PHX-Admins to manage all-resources in tenancy where request.region= 'phx'
- B. Allow group PHX-Admins to manage all-resources in tenancy where request.permission= 'phx'
- C. Allow group PHX-Admins to manage all-resources in tenancy where request.target= 'phx'
- D. Allow group PHX-Admins to manage all-resources in tenancy where request.location= 'phx'
Correct answer: A
Explanation
The correct answer is A because it uses the proper IAM policy syntax, restricting access with a condition on request.region. Options B, C, and D do not reference the attribute that restricts access to the specified region, making them invalid for this scenario.