1z0-1104-23 Free Question Set: "Oracle Cloud Infrastructure 2023 Security Professional"
Pods running in your Oracle Container Engine for Kubernetes (OKE) cluster often need to communicate with other pods in the cluster or with services outside the cluster. As the OKE cluster administrator, you have been tasked with configuring permissions to restrict pod-to-pod communications except as explicitly allowed. Where can you define these permissions? (Choose the best Answer.)
Correct answer: C
Challenge 3 - Task 3 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet
Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure that you use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following tasks in the provisioned OCI environment:
1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01
[Eliminate Special Characters] E.g.: SPPBTBASTION992831403labuser13
2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"
Correct answer:
See the solution below in Explanation
Explanation:
Solutions:
Create Bastion:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Bastion and enter the following details:
a. Bastion name: SPPBTBASTION992831403labuser13
b. Configure Networking:
i. Target virtual cloud network: Select PBT-BAS-VCN-01
ii. Target Subnet: Select PBT-BAS-SNET-01 (Private Subnet)
Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway.
c. CIDR block allowlist: 0.0.0.0/0 (from anywhere)
You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion.
d. Click Create Bastion.
After a few minutes, you can see that the Bastion has been successfully created, and the state is Active.
Create a Bastion Session:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click Create a Session and enter the following details:
a. Bastion name: PBT-1-Session-01
b. Session type: Select Managed SSH session.
c. Session name: PBT-1-Session-01
d. Username: Enter opc
e. Compute instance in: Select PBT-BAS-VM-01.
Note: Click Change compartment and select the working compartment to locate VCN for the compute instance.
f. Add SSH key
g. Click Generate SSH key pair.
h. Click Save private key. This will save the private key to your local workstation.
i. Click Save public key. This will save the public key to your local workstation.
j. Click Create session.
After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.
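The CIDR block allowlist in step c of Create Bastion decides which source addresses may connect to sessions hosted by the bastion. As an added example (not part of the original solution and not Oracle tooling), the Python check below audits an allowlist for malformed or broad entries and tests whether a given client address is admitted. The sample ranges, the function names and the 256-address review threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: the lab's allowlist and a narrowed alternative
# built from documentation-only address ranges (RFC 5737).
LAB_ALLOWLIST = ["0.0.0.0/0"]
TIGHT_ALLOWLIST = ["203.0.113.0/24", "198.51.100.7/32"]


def audit_allowlist(cidrs, max_addresses=256):
    """Return (cidr, finding) pairs for entries that are malformed or broad.

    max_addresses is an assumed review threshold, not an OCI limit.
    """
    findings = []
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append((cidr, f"invalid CIDR: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append((cidr, "any source address can connect to sessions"))
        elif net.num_addresses > max_addresses:
            findings.append((cidr, f"broad range: {net.num_addresses} addresses"))
    return findings


def client_allowed(client_ip, cidrs):
    """True if client_ip falls inside at least one well-formed allowlist entry."""
    ip = ipaddress.ip_address(client_ip)
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            continue  # malformed entries admit nobody
        if ip in net:
            return True
    return False


if __name__ == "__main__":
    for name, allowlist in (("lab", LAB_ALLOWLIST), ("tight", TIGHT_ALLOWLIST)):
        print(name, audit_allowlist(allowlist))
        print(name, "admits 192.0.2.10:", client_allowed("192.0.2.10", allowlist))
```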
An HTTP web server hosted on an Oracle Cloud Infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through the internet gateway and a stateful network security group notification for port 80. How will the OCI VCN handle request-response traffic to the compute instance for a web page from the HTTP server with port 80?
Correct answer: A