Q: 2
You are designing a multi-tier application within an OCI Virtual Cloud Network (VCN). The application
comprises a public-facing web tier in one subnet, an application tier in another, and a database tier
in a third. For security reasons, you want to ensure that only the application tier can initiate
connections to the database tier. The web tier needs to be able to communicate with the application
tier, but not directly with the database tier. You are using private IP addresses within your VCN.
Which procedural step is MOST effective to achieve this network isolation?
Options
Discussion
Honestly kinda lost on this one, but I'll go with C. Someone back me up?
Looks like C, security lists on each subnet keep traffic locked down cleanly. OCI docs also lean on this setup.
C, NSGs (A) trip people up here but security lists per subnet is the expected OCI way.