1z0-1124-25試験無料問題集（122題）「Oracle Cloud Infrastructure 2025 Networking Professional 認定」

出題：1

You are implementing IPSec over FastConnect to connect to a third-party network that is also connected to OCI via FastConnect. Your company requires a high level of security and isolation between your network and the third-party's network. Which of the following is the MOST secure approach to ensure network isolation when implementing IPSec over FastConnect in this scenario?

A. Use OCI Network Security Groups (NSGs) or security lists to strictly control traffic between your VCN and the third-party's VCN.

B. Enable flow logs to monitor the traffic that is transmitted.

C. Implement IPSec tunnels between your on-premises network and the third-party's on-premises network, bypassing OCI.

D. Utilize a third-party virtual firewall appliance deployed in OCI and configure IPSec tunnels through the firewall to both your on-premises network and the third-party's network.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

When establishing cross-tenancy connectivity using Remote Peering Connections (RPCs), which IAM policy statement is essential to grant the requesting tenancy the ability to initiate the connection?

A. Allow group <group_name> to inspect virtual-network-family in tenancy=<target_tenancy_OCID>

B. Allow group <group_name> to manage virtual-network-family in tenancy=<target_tenancy_OCID>

C. Allow group <group_name> to use remote-peering-connections in tenancy=<target_tenancy_OCID>

D. Allow group <group_name> to read remote-peering-connections in tenancy=<target_tenancy_OCID>

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Your application running on OCI Compute instances in a private subnet requires high availability and the ability to distribute incoming traffic across multiple instances. You need to ensure that the load balancer can handle both HTTP and HTTPS traffic and provides health checks to monitor the availability of your backend servers. Which OCI Load Balancer offering is the most suitable for this scenario, considering both functionality and cost-effectiveness for a production environment?

A. Flexible Load Balancer with HTTP and HTTPS listeners and health checks.

B. Flexible Load Balancer with only TCP listeners.

C. Network Load Balancer (NLB) with UDP listeners.

D. Network Load Balancer (NLB) with TCP listeners.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

You are troubleshooting a BGP peering issue between your on-premises router and an OCI FastConnect virtual circuit. You have verified the physical connectivity and confirmed that the BGP session is established.
However, routes are not being exchanged. You suspect a problem with the BGP configuration. What is the MOST LIKELY cause of this issue, assuming the basic BGP configuration (AS numbers, peer IP addresses) is correct?

A. The advertised prefixes are being filtered by a prefix list or route map on either the on-premises router or the OCI FastConnect virtual circuit.

B. The BGP keepalive timers are misconfigured, causing the session to drop intermittently.

C. The MTU (Maximum Transmission Unit) size is mismatched, causing fragmentation and packet loss.

D. There is a mismatch in the BGP authentication keys between the on-premises router and OCI.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

You are designing a multi-tier application within an OCI Virtual Cloud Network (VCN). The application comprises a public-facing web tier in one subnet, an application tier in another, and a database tier in a third.
For security reasons, you want to ensure that only the application tier can initiate connections to the database tier. The web tier needs to be able to communicate with the application tier, but not directly with the database tier. You are using private IP addresses within your VCN. Which procedural step is MOST effective to achieve this network isolation?

A. Create separate security lists for each subnet and configure ingress and egress rules to restrict traffic accordingly. Create appropriate route rules in each subnet's route table.

B. Create a single Network Security Group (NSG) and associate it with all three subnets. Configure ingress and egress rules within the single NSG to restrict traffic accordingly.

C. Create separate Network Security Groups (NSGs) for each tier and configure ingress and egress rules to restrict traffic accordingly. Configure the route table for the Web Tier subnet to route traffic destined for the Database Tier subnet through the Application Tier.

D. Create separate security lists for each subnet and configure ingress and egress rules to restrict traffic accordingly. Configure the route table for the Web Tier subnet to route traffic destined for the Database Tier subnet through the Application Tier.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

You are using Terraform to deploy a multi-tier application architecture consisting of a public subnet hosting a load balancer, a private subnet hosting application servers, and another private subnet hosting a database. The Terraform code successfully creates all the required infrastructure, including route tables and security lists.
However, after deployment, you realize that the load balancer cannot reach the application servers in the private subnet. You have verified that the load balancer is healthy and the application servers are running.
What is the most likely cause of this connectivity problem?

A. The route table associated with the application server subnet has a default route pointing to the Internet Gateway, which is incorrect for a private subnet.

B. The load balancer's security list is not configured to allow egress traffic to the application server subnet on the required ports (e.g., port 8080).

C. The security list associated with the application server subnet does not allow ingress traffic from the load balancer's IP address range.

D. The Network Address Translation (NAT) Gateway is misconfigured, preventing the application servers from initiating connections back to the load balancer.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following is a disadvantage of using a public internet-based VPN connection for migrating large datasets from another cloud provider to OCI?

A. VPN connections are not compatible with all OCI services

B. The throughput of a VPN connection is limited by the available bandwidth and latency of the public internet

C. VPN connections are inherently less secure than dedicated private connections

D. VPN connections cannot be automated using Infrastructure as Code (IaC) tools

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

When migrating workloads to OCI requiring consistent, high-bandwidth connections with minimal latency, and your on-premises data center has direct fiber connectivity, which OCI service is most suitable?

A. Dynamic Routing Gateway (DRG) with remote peering

B. Internet Gateway

C. Site-to-Site VPN

D. FastConnect Colocation with Oracle

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

For a multi-tier architecture with a strict compliance requirement to log all user access to private resources, which Bastion service configuration is most suitable?

A. Dynamic port forwarding sessions with no logging enabled.

B. SSH port forwarding sessions with minimal audit logs.

C. Managed Bastion sessions with detailed session logging enabled.

D. Using a jump server with manually configured logging.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Your organization is migrating a critical three-tier application to OCI. The application requires a highly available and performant database tier. You plan to use Oracle Autonomous Database on Dedicated Exadata Infrastructure. The Autonomous Database subnet must adhere to the organization's security policy, which mandates no direct internet access and private access to other VCN subnets. You need to ensure the proper IP address allocation and routing. Which of the following procedural steps is most effective for achieving this?

A. Create a public subnet for the Autonomous Database, assign it a public IP address, and configure a Service Gateway with access to all Oracle Services in OCI. Configure routing to an Internet Gateway.
Secure access using Security Lists allowing traffic only from approved IP ranges.

B. Create a private subnet for the Autonomous Database and configure a Service Gateway with access to only Object Storage and Yum Server Oracle Services in OCI. Configure NSG rules allowing only traffic from the application's compute instances, and configure routing to a Dynamic Routing Gateway (DRG) for access to other VCN subnets.

C. Create a public subnet for the Autonomous Database and configure a Service Gateway with access to all Oracle Services in OCI. Configure NSG rules allowing only traffic from the application's compute instances.

D. Create a private subnet for the Autonomous Database and configure a Service Gateway with access to Autonomous Database Oracle Services in OCI. Configure NSG rules allowing only traffic from the application's compute instances, and configure routing to a Dynamic Routing Gateway (DRG) for access to other VCN subnets. Reserve a large CIDR block for future database expansion.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

1z0-1124-25試験無料問題集「Oracle Cloud Infrastructure 2025 Networking Professional 認定」