1z0-1124-25試験無料問題集（122題）「Oracle Cloud Infrastructure 2025 Networking Professional 認定」

出題：1

You're tasked with creating a network diagnostic tool using Cloud Shell to test connectivity to various endpoints from within your VCN. To enhance security, you want to ensure the tool only has the necessary permissions to perform network diagnostics (e.g., ping, traceroute, nc). Which IAM principle and associated action(s) provide the MOST restrictive, least-privilege access for Cloud Shell to perform network diagnostic tasks?

A. Cloud Shell session using Instance Principals, belonging to a dynamic group with a policy allowing network-security-groups and vnics to be read and used.

B. An IAM user with the read permission on all virtual-network-family resources.

C. An IAM group with the use permission on the virtual-network-family aggregate resource in the tenancy.

D. An IAM group with inspect permission on virtual-network-family in the target compartment.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

You are managing an OCI Network Firewall that protects a VCN with multiple subnets. The application team reports intermittent connectivity issues to a specific application server behind the firewall. You suspect the issue might be related to the firewall's stateful inspection. What would be the most efficient way to troubleshoot if the stateful inspection is causing these connectivity issues?

A. Disable stateful inspection on the entire Network Firewall to check if the connectivity is restored.

B. Create a Network Firewall policy with a specific rule that allows all traffic to/from the affected application server, bypassing inspection.

C. Recreate the Network Firewall with a completely different configuration.

D. Review the Network Firewall logs for denied traffic originating from or destined to the application server.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

You are troubleshooting a network connectivity issue between a compute instance in a private subnet within your VCN and a service on the public internet using Cloud Shell. You suspect a problem with the network security group (NSG) rules associated with the instance's VNIC. Which Cloud Shell command and appropriate tool combination allows you to directly inspect the NSG configuration impacting the VNIC?

A. oci network vnic get --vnic-id <instance_VNIC_OCID> piped to awk '/network_security_group_ids/
{print $2}' | xargs oci network network-security-group get --nsg-id

B. oci network network-security-group get --nsg-id <NSG_OCID> piped to grep <instance_VNIC_OCID>

C. oci compute instance get --instance-id <instance_OCID> piped to jq '.vnics[].nic_id | oci network vnic get --vnic-id .' piped to jq '.network_security_group_ids[] | oci network network-security-group get -- nsg-id .'

D. oci compute instance get --instance-id <instance_OCID> piped to grep NetworkSecurityGroupIds

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Your organization is migrating a legacy application to OCI. This application relies on a specific IP address for its external communication, and you need to maintain this IP address during the migration. Which OCI Load Balancer feature or configuration can help you achieve this while ensuring high availability for the application?

A. Configuring the Flexible Load Balancer with a reserved public IP address.

B. Utilizing the Network Load Balancer (NLB) with its inherent ability to preserve client IP addresses.

C. Using a private IP address for the load balancer and NAT Gateway for outbound traffic.

D. Deploying multiple Flexible Load Balancers with different public IP addresses and using DNS round- robin.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

You are troubleshooting a connectivity issue between two compute instances within the same VCN. Both instances are in different subnets. Instance A (IPv4: 10.0.1.10, IPv6: fc00:1:1::10) can ping its subnet gateway (10.0.1.1) and can ping the IPv6 address of Instance B (fc00:1:2::20), but cannot ping Instance B's IPv4 address (10.0.2.20). The security lists and network security groups (NSGs) are configured to allow all traffic between the subnets. The route table for Instance A's subnet has a rule to route all traffic destined to 10.0.2.0
/24 subnet to the VCN Local Peering Gateway. What is the most probable cause?

A. The VCN does not have IPv6 enabled.

B. The "ping" utility is not supported on the IPv6 address.

C. The route table for Instance B's subnet is missing a rule to route traffic destined for 10.0.1.0/24 to the VCN Local Peering Gateway.

D. IPv6 traffic cannot be filtered by security lists or NSGs.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A company has deployed a VCN in OCI with multiple subnets. Security requirements dictate that instances in different subnets within the same VCN should not be able to directly communicate with each other unless explicitly permitted. You are tasked with implementing this policy. What is the most appropriate approach to meet this requirement?

A. Create separate VCNs for each subnet.

B. Configure a stateful firewall in front of the VCN and configure the rules to deny inter-subnet traffic.

C. Configure network security groups (NSGs) for each subnet, defining strict ingress and egress rules that only allow the necessary traffic.

D. Remove the default route rule in the VCN's route table that allows traffic between subnets.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

You are designing a backup solution in OCI. Compute instances in a private subnet need to back up data to OCI Object Storage. Security policy mandates that data transfer must not traverse the public internet. You need to choose the most secure and cost-effective method for accessing Object Storage. Which endpoint
/gateway configuration should you implement?

A. Configure a NAT Gateway and use public Object Storage endpoints with HTTPS enabled.

B. Configure a Service Gateway with the Oracle Services Network service CIDR label for your region, and use regional Object Storage endpoints.

C. Configure an Internet Gateway and use public Object Storage endpoints.

D. Configure a Dynamic Routing Gateway (DRG) and FastConnect to a remote region and use public Object Storage endpoints.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

When configuring inter-tenancy VCN peering, what is the purpose of the "peer ID" provided by the requesting tenancy to the accepting tenancy?

A. To define the security rules for the peering connection.

B. To uniquely identify the requesting tenancy's RPC.

C. To specify the CIDR block of the requesting tenancy's VCN.

D. To authenticate the requesting tenancy's root user.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

When configuring transitive routing through a network appliance in a hub-and-spoke VCN topology, which configuration is necessary to ensure that traffic from a spoke VCN to another spoke VCN passes through the network appliance?

A. Using an Internet Gateway to route traffic between the spoke VCNs.

B. Attaching the network appliance to a Service Gateway.

C. Configuring static routes on the DRG route table pointing to the network appliance's private IP address.

D. Implementing a Local Peering Gateway (LPG) between the spoke VCNs.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Your company has deployed a mission-critical application on OCI that requires consistent, predictable network performance. You have established a FastConnect circuit to connect your on-premises data center to OCI. You observe that the network latency varies throughout the day, and you suspect that other traffic is impacting the performance of your application. Which FastConnectfeature can you leverage to prioritize traffic for your mission-critical application and improve its network performance?

A. FastConnect Jumbo Frames

B. FastConnect Quality of Service (QoS)

C. FastConnect VLAN Tagging

D. FastConnect BGP Communities

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

1z0-1124-25試験無料問題集「Oracle Cloud Infrastructure 2025 Networking Professional 認定」