Oracle Cloud Infrastructure 2025 Architect Associate — Question 3

Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid?

Answer options

• A. Allow any-user to inspect users in tenancy
• B. Allow group ‘Default’/ ‘A-Admins’ to manage all-resources in compartment Project-A
• C. Allow dynamic-group ‘Default’/ ‘FrontEnd’ to manage instance-family in compartment Project-A
• D. Allow group ‘Default’/ ‘A-Developers’ to create volumes in compartment Project-A

Correct answer: C

Explanation

Option C is incorrect because dynamic groups can only manage resources that are defined by their matching rules, and 'instance-family' is not a valid resource type for dynamic groups. The other options are valid as they adhere to OCI IAM policy syntax and use appropriate resource types for the specified groups.