Oracle Cloud Infrastructure 2023 Cloud Operations Professional - 1z0-1067-23 FREE EXAM DUMPS QUESTIONS & ANSWERS
Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy) Scenario Description: (Hands-On Performance Exam Certification) Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.
You start by setting up the following compartment hierarchy:
* Tenancy (root)
* Common-Infra
* Network
* Security
* Applications
* E-Comm
* SCM
* CRM
You create the following groups:
* Network-Admins
* Security-Admins
* E-Comm-Admins
* SCM-Admins
* CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets") Task 1 Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
You start by setting up the following compartment hierarchy:
* Tenancy (root)
* Common-Infra
* Network
* Security
* Applications
* E-Comm
* SCM
* CRM
You create the following groups:
* Network-Admins
* Security-Admins
* E-Comm-Admins
* SCM-Admins
* CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, "inspect orm-stacks" instead of "ORM_STACK_INSPECT") and aggregate resource types instead of individual ones (for example, "file-family" instead of "file-systems" and "mount-targets") Task 1 Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
Correct Answer:
See the solution below with Step by Step Explanation.
Explanation
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Solution- Policy Statement:
allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network Task 2 Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Solution- Policy Statement:
* allow E-Comm-Admins to manage instance-familyincompartment Applications:E-Comm allow E-Comm-Admins tousevirtual-network-familyincompartment Common-Infra:Network Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
Solution- Policy Statement:
allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
Explanation
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Solution- Policy Statement:
allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network Task 2 Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Solution- Policy Statement:
* allow E-Comm-Admins to manage instance-familyincompartment Applications:E-Comm allow E-Comm-Admins tousevirtual-network-familyincompartment Common-Infra:Network Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment-but only in Phoenix and London.
Solution- Policy Statement:
allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
The general syntax for an IAM policy is: Allow <identity_domain_name>/<subject> to <verb>
<resource-type> in <location> where <conditions> Which two are valid values for <lo-cation>?
<resource-type> in <location> where <conditions> Which two are valid values for <lo-cation>?
Correct Answer: B,D
Vote an answer
Your team implemented a SaaS application that requires a whole system deployment for each new customer.
The infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment. What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory? (Choose the best answer.)
The infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment. What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory? (Choose the best answer.)
Correct Answer: B
Vote an answer
As a solutions architect of the Oracle Cloud Infrastructure (OCI) tenancy, you have been asked to provide members of the CloudOps group the ability to view and retrieve monitoring metrics, but only for all monitoring-enabled compute instances. Which policy statement would you define to grant this access?
Correct Answer: D
Vote an answer
In your root compartment, you have two subcompartments, A and B. You have three in-stances in each compartment, including the root (for a total of nine). What does the following metric query return if you use the console to run it in the root compartment? CpuUtiliza-tion[1m].mean()
Correct Answer: B
Vote an answer
Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple teams that use the same compute instance and have access to these block volumes. You want to ensure that noone accidentally deletes any of these block volumes. You have started to construct the following IAM policy but need to determine which permissions should be used.
allow group DeploymentUsers to manage volume-family where ANY { request.permission != <???>, request.permission != <???>, request.permission != <???> } Which permissions can you use in place of <???> in this policy? (Choose the best answer.)
allow group DeploymentUsers to manage volume-family where ANY { request.permission != <???>, request.permission != <???>, request.permission != <???> } Which permissions can you use in place of <???> in this policy? (Choose the best answer.)
Correct Answer: A
Vote an answer
Scenario: 2 (Oracle Cloud-init and AutoScaling: Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool) Scenario Description: (Hands-On Performance Exam Certification) You're deploying an Apache-based web application on OCI that requires horizontal autoscaling.
To configure instances upon provisioning, write a cloud-init script for Oracle Linux 8 that installs and enables Apache (httpd), and opens the firewall for HTTP on TCP port 80. Create aninstance configuration and include the cloud-init script in it. Use this instance configuration to create an instance pool and autoscaling configuration.
Pre-Configuration:
To fulfill this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
A VCN Cloud-Init Challenge VCN with an Internet gateway and a public subnet. The security list for the subnet allows ingress via TCP ports 22 and 80 (SSH and HTTP). The route table forwards all egress to the Internet gateway.
Access to the OCI Console
Required IAM policies
An SSH key pair for the compute instance
Public Key
https://objectstorage.us-ashburn-1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PublicKey.pub Private Key https://objectstorage.us-ashburn-1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PKey.key Note: Throughout your exam, ensure to use assigned Compartment , User Name , and Region.
Complete the following tasks in the provisioned OCI environment:
Task 1(a): Develop the cloud-init Script:
Task 1(b): Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool:
To configure instances upon provisioning, write a cloud-init script for Oracle Linux 8 that installs and enables Apache (httpd), and opens the firewall for HTTP on TCP port 80. Create aninstance configuration and include the cloud-init script in it. Use this instance configuration to create an instance pool and autoscaling configuration.
Pre-Configuration:
To fulfill this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
A VCN Cloud-Init Challenge VCN with an Internet gateway and a public subnet. The security list for the subnet allows ingress via TCP ports 22 and 80 (SSH and HTTP). The route table forwards all egress to the Internet gateway.
Access to the OCI Console
Required IAM policies
An SSH key pair for the compute instance
Public Key
https://objectstorage.us-ashburn-1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PublicKey.pub Private Key https://objectstorage.us-ashburn-1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PKey.key Note: Throughout your exam, ensure to use assigned Compartment , User Name , and Region.
Complete the following tasks in the provisioned OCI environment:
Task 1(a): Develop the cloud-init Script:
Task 1(b): Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool:
Correct Answer:
See the solution below with Step by Step Explanation.
Explanation
Task 1(a): Develop the cloud-init Script:
Create a compute instance pbt_cloud_init_vm_01 with the following properties:
Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory
Image: Oracle Linux 8
Placement: Use any of the availability domains
Network:
Place in the public subnet Cloud-Init Challenge SNT
Assign a public IPv4
Use the SSH public key
Add a cloud-init script and perform the following:
Use yum or dnf to install httpd.
Use systemctl to enable and start httpd
Open the firewall to http:
sudo firewall-offline-cmd --add-service=http
systemctl restart firewalld
Mark Complete
Task 1(b): Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool:
You're deploying an Apache-based web application on OCI that requires horizontal autoscaling.
To configure instances upon provisioning, write a cloud-init script for Oracle Linux 8 that installs and enables Apache (httpd), and opens the firewall for HTTP on TCP port 80. Create an instance configuration and include the cloud-init script in it. Use this instance configuration to create an instance pool and autoscaling configuration.
Task 2: Create an Autoscaling Instance Pool Including the cloud-init Script:
Create an instance configuration named pbt_cloud_init_config_01 with the following properties:
Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory
Image: Oracle Linux 8
Placement: Use any of the availability domains
Network:
Place in the public subnet Cloud-Init Challenge SNT
Assign a public IPv4
Use the SSH public key
Attach the cloud-init script created in Task 1
Create an instance pool named pbt_cloud_init_pool_01 with one instance by using the instance configuration pbt_cloud_init_config_01 Create and attach an autoscaling configuration named pbt_cloud_autoscaling_config_01 with the following settings:
Metric-based autoscaling
Cooldown: 300 second
Performance metric: CPU utilization
Scale-out rule:
Operator: Greater than (>)
Threshold: 75%
Number of instances to add: 1
Scale-in rule:
Operator: Less than (<)
Threshold: 25%
Number of instances to remove: 1
Scaling limits:
Minimum number of instances: 1
Maximum number of instances: 2
Initial number of instances: 1
Task 1: Develop the cloud-init script
In the main menu, go to Compute > Instances and click Create an Instance In the instance creation menu, enter the following details a. Name: Provide name given in the instructions b. Compartment: Use the assigned compartment c. Placement: Use any of the availability domains d. Image: Oracle Linux 8 e. Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory f. Network:
i. Place in the public subnet
ii. Assign a public IPv4
g. SSH keys: Upload or paste the provided SSH public key
h. Boot volume: Leave as default
i. Under advanced options, add the following cloud-init script:
#!/bin/shsudo dnf install httpd --assumeyes --quietsudo systemctl enable httpdsudo systemctl start httpdsudo firewall-offline-cmd --add-service=httpsystemctl restart firewalld j. Create the instance.
Task 2: Create an autoscaling instance pool including the cloud-init script
1. In the main menu, go to Compute > Instance Configurations. Click Create instance configuration.
a. In the instance configuration creation menu, enter the same details as before:
b. Name: Provide name given in the instruction/if not specified provide any name c. Compartment: Assigned compartment d. Placement: Use any of the availability domains e. Image: Oracle Linux 8 f. Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory g. Network:
i. Place in the public subnet
ii. Assign a public IPv4
h. SSH keys: Upload or paste the provided SSH public key
i. Boot volume: Leave as default
j. Under advanced options, add the following cloud-init script:
#!/bin/shsudo dnf install httpd --assumeyes --quietsudo systemctl enable httpdsudo systemctl start httpdsudo firewall-offline-cmd --add-service=httpsystemctl restart firewalld k. Create the instance configuration.
Task 2: In the main menu, go to Compute > Instance Pools. Click Create instance pool.
Enter the following details:
a. Name: Provide name given in the instruction/if not specified provide any name b. Compartment: Assigned compartment c. Instance configuration: Created in last step d. Number of instances: 1 e. Select any availability domain f. Leave fault domain unselected g. Primary VNIC: Provided VCN in the instructions h. Subnet: Public subnet i. Do not attach a load balancer j. Create the instance pool Task 3: In the main menu, go to Compute > Autoscaling Configurations. Click Create autoscaling configuration and enter the following details:
a. Name: Provide name given in the instruction/if not specified provide any name b. Compartment: Assigned compartment c. Instance Pool: Created in last step d. Select Metric-based autoscaling e. Autoscaling policy name: Does not matter f. Cooldown: 300 seconds g. Performance metric: CPU utilization h. Scale-out rule:
i. Operator: Greater than (>)
ii. Threshold: 75%
iii. Number of instances to add: 1
i. Scale-in rule:
i. Operator: Less than (<)
ii. Threshold: 25%
iii. Number of instances to remove: 1
j. Scaling limits:
i. Minimum number of instances: 1
ii. Maximum number of instances: 2
iii. Initial number of instances: 1
k. Create the autoscaling configuration.
Explanation
Task 1(a): Develop the cloud-init Script:
Create a compute instance pbt_cloud_init_vm_01 with the following properties:
Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory
Image: Oracle Linux 8
Placement: Use any of the availability domains
Network:
Place in the public subnet Cloud-Init Challenge SNT
Assign a public IPv4
Use the SSH public key
Add a cloud-init script and perform the following:
Use yum or dnf to install httpd.
Use systemctl to enable and start httpd
Open the firewall to http:
sudo firewall-offline-cmd --add-service=http
systemctl restart firewalld
Mark Complete
Task 1(b): Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool:
You're deploying an Apache-based web application on OCI that requires horizontal autoscaling.
To configure instances upon provisioning, write a cloud-init script for Oracle Linux 8 that installs and enables Apache (httpd), and opens the firewall for HTTP on TCP port 80. Create an instance configuration and include the cloud-init script in it. Use this instance configuration to create an instance pool and autoscaling configuration.
Task 2: Create an Autoscaling Instance Pool Including the cloud-init Script:
Create an instance configuration named pbt_cloud_init_config_01 with the following properties:
Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory
Image: Oracle Linux 8
Placement: Use any of the availability domains
Network:
Place in the public subnet Cloud-Init Challenge SNT
Assign a public IPv4
Use the SSH public key
Attach the cloud-init script created in Task 1
Create an instance pool named pbt_cloud_init_pool_01 with one instance by using the instance configuration pbt_cloud_init_config_01 Create and attach an autoscaling configuration named pbt_cloud_autoscaling_config_01 with the following settings:
Metric-based autoscaling
Cooldown: 300 second
Performance metric: CPU utilization
Scale-out rule:
Operator: Greater than (>)
Threshold: 75%
Number of instances to add: 1
Scale-in rule:
Operator: Less than (<)
Threshold: 25%
Number of instances to remove: 1
Scaling limits:
Minimum number of instances: 1
Maximum number of instances: 2
Initial number of instances: 1
Task 1: Develop the cloud-init script
In the main menu, go to Compute > Instances and click Create an Instance In the instance creation menu, enter the following details a. Name: Provide name given in the instructions b. Compartment: Use the assigned compartment c. Placement: Use any of the availability domains d. Image: Oracle Linux 8 e. Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory f. Network:
i. Place in the public subnet
ii. Assign a public IPv4
g. SSH keys: Upload or paste the provided SSH public key
h. Boot volume: Leave as default
i. Under advanced options, add the following cloud-init script:
#!/bin/shsudo dnf install httpd --assumeyes --quietsudo systemctl enable httpdsudo systemctl start httpdsudo firewall-offline-cmd --add-service=httpsystemctl restart firewalld j. Create the instance.
Task 2: Create an autoscaling instance pool including the cloud-init script
1. In the main menu, go to Compute > Instance Configurations. Click Create instance configuration.
a. In the instance configuration creation menu, enter the same details as before:
b. Name: Provide name given in the instruction/if not specified provide any name c. Compartment: Assigned compartment d. Placement: Use any of the availability domains e. Image: Oracle Linux 8 f. Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory g. Network:
i. Place in the public subnet
ii. Assign a public IPv4
h. SSH keys: Upload or paste the provided SSH public key
i. Boot volume: Leave as default
j. Under advanced options, add the following cloud-init script:
#!/bin/shsudo dnf install httpd --assumeyes --quietsudo systemctl enable httpdsudo systemctl start httpdsudo firewall-offline-cmd --add-service=httpsystemctl restart firewalld k. Create the instance configuration.
Task 2: In the main menu, go to Compute > Instance Pools. Click Create instance pool.
Enter the following details:
a. Name: Provide name given in the instruction/if not specified provide any name b. Compartment: Assigned compartment c. Instance configuration: Created in last step d. Number of instances: 1 e. Select any availability domain f. Leave fault domain unselected g. Primary VNIC: Provided VCN in the instructions h. Subnet: Public subnet i. Do not attach a load balancer j. Create the instance pool Task 3: In the main menu, go to Compute > Autoscaling Configurations. Click Create autoscaling configuration and enter the following details:
a. Name: Provide name given in the instruction/if not specified provide any name b. Compartment: Assigned compartment c. Instance Pool: Created in last step d. Select Metric-based autoscaling e. Autoscaling policy name: Does not matter f. Cooldown: 300 seconds g. Performance metric: CPU utilization h. Scale-out rule:
i. Operator: Greater than (>)
ii. Threshold: 75%
iii. Number of instances to add: 1
i. Scale-in rule:
i. Operator: Less than (<)
ii. Threshold: 25%
iii. Number of instances to remove: 1
j. Scaling limits:
i. Minimum number of instances: 1
ii. Maximum number of instances: 2
iii. Initial number of instances: 1
k. Create the autoscaling configuration.
You run a large global application with 90% of customers based in the US and Canada. You want to be able to test a new feature and allow a small percentage of users to access the new version of yourapplication. What Oracle Cloud Infrastructure Traffic Management steering policy should you utilize? (Choose the best answer.)
Correct Answer: A
Vote an answer
You are working as a Cloud Operations Administratorfor your company. They have different Oracle Cloud Infrastructure (OCI) tenancies for development and production work-loads. Each tenancy has resources in two regions uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and to automate all the tasks using OCI Command Line Inter-face (CLI). Which is the most efficient method to manage multiple environments using OCI CLI? (Choose the best answer.)
Correct Answer: B
Vote an answer