You are designing a multi-tier application within an OCI Virtual Cloud Network (VCN). The application comprises a public-facing web tier in one subnet, an application tier in another, and a database tier in a third. For security reasons, you want to ensure that only the application tier can initiate connections to the database tier. The web tier needs to be able to communicate with the application tier, but not directly with the database tier. You are using private IP addresses within your VCN. Which procedural step is MOST effective to achieve this network isolation?
A company has deployed a VCN in OCI with multiple subnets. Security requirements dictate that instances in different subnets within the same VCN should not be able to directly communicate with each other unless explicitly permitted. You are tasked with implementing this policy. What is the most appropriate approach to meet this requirement?
Which OCI service provides detailed logs for network traffic traversing a Network Load Balancer, offering insights into client connections and backend health checks?
Your company has deployed a mission-critical application on OCI that requires consistent, predictable network performance. You have established a FastConnect circuit to connect your on-premises data center to OCI. You observe that the network latency varies throughout the day, and you suspect that other traffic is impacting the performance of your application. Which FastConnectfeature can you leverage to prioritize traffic for your mission-critical application and improve its network performance?
Your company is migrating its legacy application to OCI. This application uses self-signed certificates. As part of the migration, you want to replace these with certificates issued by a trusted Certificate Authority (CA) managed through OCI Certificates. What is the most secure and recommended method to handle this transition?
Consider a scenario where you have several private subnets within your VCN, and instances in these subnets need to access different OCI Object Storage buckets across various compartments. How can you efficiently manage and secure private access to Object Storage for all these subnets while adhering to the principle of least privilege?
You have configured an IPSec VPN tunnel over your FastConnect circuit to OCI. You are experiencing intermittent connectivity issues and notice that the VPN tunnel is flapping (frequently going up and down). You have verified the IKE and IPSec configuration and confirmed that the security policies are correct. Which is a LESS likely cause of the VPN tunnel flapping when using IPSec over FastConnect, compared to using IPSec over the public internet?
Your organization is migrating a critical three-tier application to OCI. The application requires a highly available and performant database tier. You plan to use Oracle Autonomous Database on Dedicated Exadata Infrastructure. The Autonomous Database subnet must adhere to the organization's security policy, which mandates no direct internet access and private access to other VCN subnets. You need to ensure the proper IP address allocation and routing. Which of the following procedural steps is most effective for achieving this?
You are automating the deployment of a highly available OKE cluster across multiple availability domains (ADs) using Terraform. The OKE cluster needs to communicate with a database service running on a Compute instance in a separate private subnet within the same VCN. During the Terraform deployment, you encounter an error indicating that the Kubernetes pods cannot resolve the private IP address of the database instance. You’ve verified that DNS resolution works correctly for other resources within the VCN. What is the MOST probable reason for this DNS resolutionfailure?
Which OCI service or feature enables the enforcement of granular, identity-based access controls for packet routing, crucial for implementing Zero Trust principles?
TESTED 30 Apr 2025
