ExamTopics Logo
Mail Us[email protected]
Menu
Oracle Discussions
exam questions

Exam 1z0-1072-23 All Questions

View all questions & answers for the 1z0-1072-23 exam
Go to Exam

Exam 1z0-1072-23 topic 1 question 9 discussion

Actual exam question from Oracle's 1z0-1072-23
Question #: 9
Topic #: 1
[All 1z0-1072-23 Questions]

A recently hired network administrator has been given the task of removing SSH permissions from all compute instances in the company's tenancy. She finds all Virtual Cloud Networks (VCNs) in the tenancy using Tenancy Explorer. She removes port 22 from the Security Lists in all VCNs. After she completes the task, the very first compute instance that she tests SSH against, allows her to still SSH into it. Why is that?

  • A. The VCN where that compute instance resides still has an Internet Gateway.
  • B. The VCN where that compute instance resides still has a route rule that allows port 22.
  • C. The VNIC of that compute instance is attached to a Network Security Group (NSG) that has a stateful ingress rule for all protocols on source CIDR 0.0.0.0/0.
  • D. The VNIC of that compute instance is attached to a Cluster Network that has a stateful ingress rule for all protocols on source CIDR 0.0.0.0/0.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Mopo at March 18, 2024, 6:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mopo
4 months ago
Selected Answer: C
If the VNIC of the compute instance is attached to an NSG that has a stateful ingress rule allowing all protocols from the source CIDR 0.0.0.0/0, it means that all incoming traffic, including SSH traffic on port 22, is still permitted regardless of the Security Lists configured at the VCN level. NSG rules take precedence over Security Lists. To ensure that SSH access is completely disabled for the compute instance, the network administrator should review and modify the NSG associated with the compute instance's VNIC to remove the stateful ingress rule allowing SSH traffic.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago