Oracle 1Z0-1124-25 Quiz 1 Topic 1 Questions 1-5

Question: 1

You are responsible for managing the network infrastructure of a multi-tenant SaaS application deployed on OCI. Each tenant has their own dedicated VCN. To simplify management and provide a centralized point for connectivity to your on-premises network via FastConnect, you are using a DRG. However, you need to ensure that tenants are logically isolated from each other, and no traffic can flow directly between tenant VCNs through the DRG. How can you achieve tenant isolation while still allowing each tenant to connect to your on-premises network through the centralized DRG?

ACreate a separate DRG for each tenant and attach the respective tenant VCN to its DRG. Configure static routes on each DRG to direct traffic appropriately.

BUtilize a single DRG and attach all tenant VCNs to it. Implement Network Security Groups (NSGs) on each tenant VCN to explicitly block all traffic to and from other tenant VCNs.

CUtilize a single DRG and attach all tenant VCNs to it. For each VCN attachment, use a DRG route table that only contains a route to the FastConnect attachment. Do not include any routes to other VCN attachments in any DRG route table.

DUtilize a single DRG and attach all tenant VCNs to it. Create a separate compartment for each tenant VCN. This will automatically isolate tenant traffic at the DRG level.

Show Answer

Question: 2

Consider a scenario where you have several private subnets within your VCN, and instances in these subnets need to access different OCI Object Storage buckets across various compartments. How can you efficiently manage and secure private access to Object Storage for all these subnets while adhering to the principle of least privilege?

AConfigure a single Internet Gateway and use IAM policies to control access at the bucket level.

BDeploy a single NAT Gateway and manage access using Network Security Groups (NSGs) for each subnet.

CImplement a Service Gateway within the VCN and utilize IAM policies and route tables to direct traffic to the appropriate Object Storage service endpoints.

DCreate a Private Endpoint for each Object Storage bucket within each private subnet.

Show Answer

Question: 3

You are a cloud architect designing a multi-tiered application on OCI. One tier consists of publicly accessible web servers that must be protected from common web exploits. You plan to use OCI Network Firewall to achieve this. You need to configure the Network Firewall to detect and prevent SQL injection attacks against the web servers. Which Network Firewall feature is most suitable for this purpose?

AStateful Inspection, configured with default IPS policies.

BIntrusion Detection and Prevention System (IDPS) signatures with custom rule sets for SQL injection.

CURL Filtering with predefined categories blocking SQL injection attempts.

DGeo-location filtering to block traffic from countries known for SQL injection attacks.

Show Answer

Question: 4

Your company needs to establish a secure connection between your on-premises network and OCI for a pilot project. The project has a limited budget and requires a quick setup, but also demands that the connection is encrypted. The long-term plan involves migrating to FastConnect, but that will take several months. Which OCI VPN solution would be most suitable for this short-term, budget-conscious, and security-aware scenario?

AUse a Dynamic Routing Gateway (DRG) with a Site-to-Site VPN connection configured using static routing.

BDeploy a third-party virtual appliance VPN solution from the OCI Marketplace within a public subnet and configure a VPN connection to your on-premises network.

CUse a Service Gateway to connect to a third-party VPN service available on the internet.

DUse a Dynamic Routing Gateway (DRG) with a Site-to-Site VPN connection configured using dynamic routing with BGP.

Show Answer

Question: 5

Your organization requires that all backups of critical application data stored in OCI Object Storage from an instance within a private subnet must remain within the Oracle Cloud Infrastructure network and not traverse the public internet. Which OCI networking component should you configure to enable this secure and private access to Object Storage?

AInternet Gateway

BNAT Gateway

CService Gateway

DNetwork Firewall

Show Answer

Oracle 1Z0-1124-25 Quiz:1 Topic:1 Questions:1-5