Exam 1z0-997-20 topic 1 question 22 discussion

Actual exam question from Oracle's 1z0-997-20
Question #: 22
Topic #: 1

You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.
You have the following configuration currently:
✑ Virtual cloud network (VCN) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center.
✑ Oracle database system is hosted in a private subnet.
✑ The private subnet route table has the following configuration.

✑ The private subnet security list has the following INGRESS security rule.

✑ The Oracle database system is part of a network security group with the following security rules.

However, you are still unable to connect to the Oracle Database system.
Which action will resolve this issue? (Choose the best answer.)

  • A. Add an EGRESS rule in the private subnet security list as follows.
  • B. Add an EGRESS rule in the network security group as follows.
  • C. Add a route rule in the private subnet route table as follows.
  • D. Add an Egress rule in the private subnet security list as follows.
Suggested Answer: A

Comments

Sanduni
Highly Voted 2 years, 4 months ago
In Answer A, Source should be replaced with Destination. Answer is A.
upvoted 6 times
IT_Thinker
2 years, 3 months ago
Answer has to be A because even if you wanted to use NSGs instead of Security Lists, you can't just leave that stateless rule hanging out there. Until the Security List's stateless ingress rule for port 1521 is partnered with an egress rule, the traffic will NEVER flow. NSGs do not override Security Lists/Security Lists do not override NSGs.
upvoted 2 times
...
...
fhoyos
Highly Voted 3 years, 5 months ago
Answer is A: Given the private subnet has a stateless ingress rule, we need to create a stateless egress rule that allows the DB to reply back. Stateless: does not allow auto reply. Stateful: allows reply back to the source IP.
upvoted 5 times
...
Attaxhan
Most Recent 2 years, 2 months ago
In today's exam.
upvoted 2 times
...
csandesh
2 years, 2 months ago
A is correct
upvoted 1 times
...
JohnPi
2 years, 2 months ago
Selected Answer: A
Answer is A.
upvoted 1 times
...
BalaChinnasamy
2 years, 2 months ago
Answer should be A. A stateless ingress rule already exists. Just need another stateless EGRESS rule.
upvoted 1 times
...
serivn
2 years, 2 months ago
Correct answer is A. Since the NSG is stateful, there is no need to explicitly define an egress rule --> B is wrong. D has a wrong configuration for Source/Destination port. C is redundant as the route table has been configured correctly before.
upvoted 1 times
...
fyzzzz
2 years, 3 months ago
Selected Answer: B
Both A & B should have Destination instead of Source and both would resolve the issue, but I would go with B for more granularity. If you choose to use both security lists and network security groups, the set of rules that applies to a given VNIC is the union of these items. This means you can have a SL stateless INGRESS rule and a corresponding EGRESS rule in the NSG. I tested this and it works: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#use_both
upvoted 2 times
...
alfamaven
2 years, 4 months ago
Selected Answer: B
B because it is specific stateful ingress to database instead of the whole subnet. The problem was only about access to database.
upvoted 1 times
...
adesmaster
3 years, 4 months ago
Answer is A, but the picture is wrong as it shows "source" instead of "destination"
upvoted 2 times
...
ankit89
3 years, 4 months ago
Answer is A. A stateless rule requires both ingress and egress to communicate.
upvoted 5 times
...
yanqingdong
3 years, 4 months ago
Should be A with destination IP, not source IP.
upvoted 3 times
...
Faz
3 years, 5 months ago
Correct answer is B. Since the security list created is a stateless one, there is no need to have an egress rule. Whereas the NSG is stateful, we need to add a corresponding egress rule for the ingress rule. Hence the answer is B.
upvoted 2 times
ganderson
3 years, 5 months ago
I am not sure that is true. I believe it's the opposite: stateful rules don't require an egress. Here is the documentation (https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#stateful). It says 'Marking a security rule as stateless indicates that you do NOT want to use connection tracking for any traffic that matches that rule. This means that response traffic is not automatically allowed. To allow the response traffic for a stateless ingress rule, you must create a corresponding stateless egress rule'. So since it was marked as stateless, we do need an egress. I think the answer is still A.
upvoted 1 times
...
...
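The stateless-versus-stateful behaviour debated in the comments above can be checked with a small model. This is an added example, not part of the original question or of any comment, and not Oracle code; the rule screenshots are missing from the page, so every rule value below is constructed from what the question text and comments say (stateless security-list ingress on 1521, stateful NSG ingress, on-premises CIDR 172.17.0.0/24), and the rules are evaluated as one union set, as the documentation quoted in the thread describes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                  # "ingress" or "egress"
    cidr: str                       # source CIDR (ingress) or destination CIDR (egress)
    stateless: bool
    src_port: Optional[int] = None  # None means "any port"
    dst_port: Optional[int] = None

    def matches(self, direction, peer_ip, src_port, dst_port):
        return (self.direction == direction
                and ip_address(peer_ip) in ip_network(self.cidr)
                and self.src_port in (None, src_port)
                and self.dst_port in (None, dst_port))

def connection_works(rules, client_ip, client_port, db_port=1521):
    """True if the client's request reaches the DB and the reply gets back."""
    inbound = [r for r in rules
               if r.matches("ingress", client_ip, client_port, db_port)]
    if not inbound:
        return False                # request never reaches the database
    # Per Oracle's security rules documentation, a matching stateless rule
    # takes precedence over a stateful one: the connection is not tracked.
    if not any(r.stateless for r in inbound):
        return True                 # tracked: the reply is allowed automatically
    # Untracked reply: source port is the listener, destination is the client.
    return any(r.matches("egress", client_ip, db_port, client_port)
               for r in rules)

# Constructed rules (assumptions, see lead-in).
ON_PREM = "172.17.0.0/24"
SL_INGRESS = Rule("ingress", ON_PREM, stateless=True, dst_port=1521)
NSG_INGRESS = Rule("ingress", ON_PREM, stateless=False, dst_port=1521)
EGRESS_FIX = Rule("egress", ON_PREM, stateless=True, src_port=1521)
# Same rule with the port on the wrong side: replies go to an ephemeral port.
EGRESS_SWAPPED = Rule("egress", ON_PREM, stateless=True, dst_port=1521)

CURRENT = [SL_INGRESS, NSG_INGRESS]

if __name__ == "__main__":
    for label, extra in [("current", []), ("with egress fix", [EGRESS_FIX]),
                         ("ports swapped", [EGRESS_SWAPPED])]:
        print(label, connection_works(CURRENT + extra, "172.17.0.10", 50000))
```

The egress rule has to match on source port 1521 and destination CIDR 172.17.0.0/24, which is why several commenters point out that the pictured rule should say "Destination" rather than "Source".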