1z0-1072-23 Exam Dumps : Oracle Cloud Infrastructure 2023 Architect Associate

Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C. The explanation is that when you attach a policy to the tenancy, you need to specify the full path of the compartment where you want to grant permissions. In this case, the compartment C is a sub-compartment of compartment B, which is a sub-compartment of compartment A, which is a sub-compartment of the root compartment (tenancy). Therefore, the full path of compartment C is A:B:C. The virtual-network-family resource type includes all the resources related to VCN, such as subnets, route tables, security lists, gateways, etc.

Auth Tokens is the authentication option that you should use to ensure that your custom application with third-party APIs can communicate with OCI resources. Auth Tokens are tokens that can be used as an alternative to passwords when making API calls to OCI services. Auth Tokens can be generated and revoked by users in the OCI Console or CLI, and can be used with any API client that supports basic authentication. The other options are not suitable for this scenario, as they either require OCI’s signature-based authentication or are not applicable for API calls. References: [Auth Tokens]

According to the Oracle Cloud Guard documentation1, Cloud Guard is a cloud native service that helps customers monitor, identify, achieve, and maintain a strong security posture on Oracle Cloud. Use the service to examine your Oracle Cloud Infrastructure resources for security weakness related to configuration, and your Oracle Cloud Infrastructure operators and users for risky activities. Upon detection, Cloud Guard can suggest, assist, or take corrective actions, based on your configuration.

Therefore, option A and option E are correct ways that Cloud Guard helps improve the overall security posture for your tenancy. Option B is incorrect because Cloud Guard does not allow you to centrally manage encryption keys. That is the function of the Vault service2. Option C is incorrect because Cloud Guard does not prevent you from creating misconfigurations on your resources in OCI. It only detects and reports them, and optionally takes corrective actions. Option D is incorrect because Cloud Guard does not mask sensitive data and monitor security controls on your Oracle databases. That is the function of the Data Safe service3.