1z0-1124-25 試験問題を無料オンラインアクセス

As a network security engineer, you are tasked with designing a highly secure architecture for a financial application running on OCI. You have deployed a Network Firewall to protect the application's VCN. Due to regulatory compliance requirements, you need to ensure that no direct internet access is allowed to any compute instance within the application's private subnet, even if it is misconfigured. You need to block all outbound traffic to the internet. Which Network Firewall rule action best accomplishes this goal?

• A.DROP with Destination IP address set to the NAT Gateway IP address.
• B.ALLOW with Destination IP address set to 0.0.0.0/0.
• C.ALLOW with Destination IP address set to the Service Gateway IP address.
• D.REJECT with Destination IP address set to 0.0.0.0/0.

A company has deployed a VCN in OCI with multiple subnets. Security requirements dictate that instances in different subnets within the same VCN should not be able to directly communicate with each other unless explicitly permitted. You are tasked with implementing this policy. What is the most appropriate approach to meet this requirement?

• A.Remove the default route rule in the VCN's route table that allows traffic between subnets.
• B.Configure network security groups (NSGs) for each subnet, defining strict ingress and egress rules that only allow the necessary traffic.
• C.Configure a stateful firewall in front of the VCN and configure the rules to deny inter-subnet traffic.
• D.Create separate VCNs for each subnet.

You are managing a Site-to-Site VPN connection between your on-premises network and OCI. You notice that the VPN tunnel is frequently dropping and re-establishing. You have verified the internet connectivity at both ends and confirmed that the IKE (Internet Key Exchange) parameters are correctly configured. Which of the following is the most likely cause of the intermittent VPN tunnel disconnections?

• A.The on-premises Customer-Premises Equipment (CPE) is configured with an incorrect public IP address.
• B.The OCI Dynamic Routing Gateway (DRG) is experiencing a temporary outage.
• C.The on-premises firewall is configured with incorrect NAT-Traversal settings.
• D.There is a misconfiguration in the security rules, blocking the IKE or ESP (Encapsulating Security Payload) traffic.

Your company is migrating its on-premises data center to OCI. A critical security requirement is to maintain centralized logging and auditing of all network traffic traversing the OCI Network Firewall. You need to ensure that every session that passes through the firewall is logged and can be analyzed for security events.
Which OCI service should you configure in conjunction with the Network Firewall to achieve this centralized logging?

• A.OCI Service Connector Hub with OCI Logging.
• B.OCI Logging Analytics.
• C.OCI Audit Service.
• D.OCI Cloud Guard.

You are responsible for managing the network infrastructure of a multi-tenant SaaS application deployed on OCI. Each tenant has their own dedicated VCN. To simplify management and provide a centralized point for connectivity to your on-premises network via FastConnect, you are using a DRG. However, you need to ensure that tenants are logically isolated from each other, and no traffic can flow directly between tenant VCNs through the DRG. How can you achieve tenant isolation while still allowing each tenant to connect to your on-premises network through the centralized DRG?

• A.Utilize a single DRG and attach all tenant VCNs to it. Implement Network Security Groups (NSGs) on each tenant VCN to explicitly block all traffic to and from other tenant VCNs.
• B.Utilize a single DRG and attach all tenant VCNs to it. For each VCN attachment, use a DRG route table that only contains a route to the FastConnect attachment. Do not include any routes to other VCN attachments in any DRG route table.
• C.Utilize a single DRG and attach all tenant VCNs to it. Create a separate compartment for each tenant VCN. This will automatically isolate tenant traffic at the DRG level.
• D.Create a separate DRG for each tenant and attach the respective tenant VCN to its DRG. Configure static routes on each DRG to direct traffic appropriately.