Question 6

Question

You are troubleshooting a network connectivity issue between a compute instance in a private
subnet within your VCN and a service on the public internet using Cloud Shell. You suspect a problem
with the network security group (NSG) rules associated with the instance's VNIC. Which Cloud Shell
command and appropriate tool combination allows you to directly inspect the NSG configuration
impacting the VNIC?

Accepted Answer

oci compute instance get --instance-id  piped to jq '.vnics[].nic_id | oci network
vnic get --vnic-id .' piped to jq '.network_security_group_ids[] | oci network network-security-group
get --nsg-id .'

Meera C. · Answer

Curious what folks think about using jq vs awk here. B seems most accurate because it goes from instance to NSG and actually lets you see the config, not just grab IDs. Pretty sure that's what you'd want for rule troubleshooting.

Rowan U. · Answer

Don’t think it’s D, B is the better pick here. B actually drills down from instance to VNIC to the NSG with jq, so you really get to see all the config details that could be impacting connectivity. D is a bit of a trap since awk parsing can miss stuff if JSON changes. Anyone disagree?

AlexG · Answer

OwenM, agree with you that jq is more reliable when parsing JSON from the CLI. D looks tempting if you're used to quick shell scripting, but OCI's responses can get messy. Pretty sure B is the safest choice for structured output here, but open to other tricks if someone has a real-world edge case.

Luna M. · Answer

Its D, because awk is quick for pulling NSG IDs right from the VNIC. I know jq is more robust, but if you just want the NSG details fast, D seems good enough. Maybe missing something small though.

Amelia · Answer

A is wrong, B. Awk in D won’t catch nested JSON right.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE