Oracle Cloud Infrastructure 2020 Architect Associate — Question 26
You are working for a financial institution that is currently running two web applications in Oracle Cloud Infrastructure (OCI). All resources were created in the root compartment.
Your manager asked you to deploy new resources to support a proof-of-concept (PoC) for Oracle FlexCube. You must ensure that the FlexCube resources are secured and cannot be affected by the team that manages the two web applications.
Which two tasks should you complete to ensure the required security of your resources? (Choose two.)
Answer options
- A. Create a new compartment for the two web applications and move the existing resources into the compartment. Deploy the FlexCube application into the root compartment. Create a new policy in the root compartment that gives the FlexCube project team the ability to manage all resources in the tenancy.
- B. Create a new policy in the root compartment for the FlexCube project team. Assign a policy statement that grants the FlexCube project team the ability to manage all resources in the tenancy, where a specific tag key and tag value are present.
- C. Create a Tag Default within the root compartment with a default value of ${iam.principal.name} so that each new resource created is tagged with the name of the person who created it. Create a new IAM policy that allows users to only modify resources they created.
- D. Create a new compartment for the two web applications and move the existing resources into this compartment. Modify the existing policy for the team that manages these applications so that the scope of access is defined as this new compartment.
- E. Create a new compartment for the FlexCube application deployment. Create a policy in this compartment for the project team that gives them the ability to manage all resources within the scope of this compartment.
Correct answer: C, D
Explanation
The correct answers are C and D. Option C tags each new resource with the name of the person who created it, so an IAM policy can limit users to modifying only the resources they created. Option D restricts the access of the web application team to a specific compartment, thereby isolating the FlexCube resources. Options A and B do not effectively separate the FlexCube resources from the web applications, which compromises security. Option E creates a compartment but does not ensure that the existing web application team’s access is limited.