You are the security architect for a medium sized e-commerce company that runs all of the…

Question

You are the security architect for a medium sized e-commerce company that runs all of their applications in Oracle Cloud Infrastructure (OCI). Currently, there are 14 unique applications, each deployed and secured in their own compartment. The Operations team has procured a new monitoring tool that will be deployed throughout the OCI ecosystem. Their requirement is to deploy one management node into each compartment.
Currently, the Operations team Identity and Access Management (IAM) group has the following policy: allow group OpsTeam to READ all-resources in tenancy
Once the new monitoring nodes are deployed, the Operations team may need to stop, start, or reboot them occasionally.
What is the most efficient solution to allow the Operations team to fully manage the monitoring nodes, without allowing them to alter other resources across the tenancy?

Accepted Answer

Correct answer: A. A. In each of the 14 compartments, create a new policy with the following statement: allow group OpsTeam to manage instance-family in compartment XXX where XXX is the name of the compartment where you are creating the policy. — Option A is the most efficient solution as it allows the OpsTeam to manage the monitoring nodes specifically within each compartment without impacting other resources. Options B and C are broader and could inadvertently grant permissions beyond what is needed, while option D may not enforce strict access control since it uses a free-form tag, which is less reliable than defined tags.

Oracle Cloud Infrastructure 2022 Architect Professional — Question 17

Answer options

Correct answer: A

Explanation