1Z0-997 Question #50: Real Exam Question with Answer & Explanation

The correct answer is D. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.

Question

An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) in the us-phoenix-1 region. The on-premises applications communicate with compute instances inside the VCN over a hardware VPN connection. They are looking to implement an Intrusion Detection and Prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute instances running inside the VCN. How should they architect their solution on OCI to achieve this goal?

Options

  • A. There is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels is already encrypted.
  • B. Set up an OCI Private Load Balancer and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic.
  • C. Configure autoscaling on a compute instance pool and set vNIC to promiscuous mode to collect traffic across the VCN and send it to the IDS/IPS platform for
  • D. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.

Explanation

Explanation/Reference: In transit routing through a private IP in the VCN, you set up an instance in the VCN to act as a firewall or intrusion detection system to filter or inspect the traffic between the on-premises network and Oracle Services Network. The Networking service lets you implement network security functions such as intrusion detection, application-level firewalls In fact, the IDS model can be host-based IDS (HIDS) or network-based IDS (NIDS). HIDS is installed at a host to periodically monitor specific system logs for patterns of intrusions. In contrast, an normal traffic are inadequate, ANIDS may generate a large number of false alarms.
