You want to include all instances in any of two or morecompartments, which syntax should you use for dynamic policy you want to create for "Prod" compartment and "SIT" compartment? Prod OCID : ‘JON.Prod’ SIT OCID : 'JON.SIT’
Challenge 3 - Task 1 of 4 Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time -bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access. To complete this deployment, you have to perform the following tasks in the environment provisioned for you: • Configure a Virtual Cloud Network (VCN) and a Private Subnet. • Provision a Compute Instance in the private subnet and enable Bastion Plugin. • Create a Bastion and Bastion session. • Connect to a compute instance using Managed SSH session. Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1 Complete the following tasks in the provisioned OCI environment: Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01 Create a Private Subnet with the name PBT-BAS-SNET -01 Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network" Add Route Rules for Service Gateway Explanation: Solutions: ee the solution below in Explanation. Sign in to your OCI free tier account. Select Networking from the navigation menu and click Virtual Cloud Networks (VCNs). Select your working compartment under List Scope from the drop -down menu in the left navigation pane. Click Create VCN. In the Create a Virtual Cloud Network dialogue box, enter the following details: a. Name: PBT-BAS-VCN-01 b. IPV4CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting. d. Click Create VCN. You can now see that the VCN has been created successfully. Click Create Subnet. In the Create Subnet dialogue box, enter the following details: a. Name: PBT-BAS-SNET -01 b. Subnet Type: Regional c. IPV4CIDR Blocks: 10.01.0/24 d. Subnet Access: Private Subnet e. Note: Leave all the other options in their default setting. f. Click Create Subnet. You can see that the subnet has been created successfully. Under Resources, click Service Gateways in the left navigation pane. Click Create Service Gateway and enter the following details: a. Name: PBT-BAS-SG-01 b. Services: All <region> Services in Oracle Services Network. c. Click Create Service Gateway. You can see that the service gateway has been created successfully. d. Click Close. Under Resources, click Route Tables in the left navigation pane. Click the Default Route Table from the list. Click Add Route Rules and enter the following values: a. Target Type: Service Gateway b. Destination Service: All <region> Services in Oracle Services Network. c. Target Service Gateway: PBT -BAS-SG-01 d. Description: Description for Service gateway route rule e. Click Add Route Rules
Challenge 3 - Task 2 of 4 Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time -bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access. To complete this deployment, you have to perform the following tasks in the environment provisioned for you: • Configure a Virtual Cloud Network (VCN) and a Private Subnet. • Provision a Compute Instance in the private subnet and enable Bastion Plugin. • Create a Bastion and Bastion session. • Connect to a compute instance using Managed SSH session. Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1 Complete the following tasks in the provisioned OCI environment: Create a Compute Instance with the name PBT-BAS-VM-01, using the "Oracle Linux 8" image and shape "VM.Standard2.1", without SSH key and enable Bastion plugin. Explanation: Solutions: ee the solution below in Explanation. From the navigation menu, select Compute and then click Instances. In the left navigation pane, select your working compartment under List Scope from the drop -down menu. Click Create Instance. In the Create Instance dialogue box, provide the following details: a. Name: PBT-BAS-VM-01 b. Placement: Select Availability Domain AD. c. Image: Select the image Oracle Linux 8. d. Shape: Click Change shape > Select Ampere shape series > Select VM.Standard2.1. e. Click Select Shape to return to the Create compute instance window. f. Networking: Pick your PBT-BAS-VCN-01 and Private Subnet. g. Public IP address: Do not assign a Public IPv4 address. h. Add SSH keys: Do not add any SSH key. i. Note: Leave all the other options in their default setting. j. Click Show Advanced Options. On the Oracle Cloud Agent tab, select Bastion. Click Create. (Click Yes, and create an instance on the “No SSH access” prompt) After a few minutes, you can see that the instance has been successfully created, and the state is Running. Click the Oracle Cloud Agent tab on the instance details page. Toggle the Enable Plugin switch to Enable for the Bastion plug-in, if the switch is disabled. It can take 5-10 minutes for the change to take effect. After a few moments, the status of the Running for the Bastion -enabled service will be displayed.
Challenge 3 - Task 3 of 4 Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time -bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access. To complete this deployment, you have to perform the following tasks in the environment provisioned for you: • Configure a Virtual Cloud Network (VCN) and a Private Subnet. • Provision a Compute Instance in the private subnet and enable Bastion Plugin. • Create a Bastion and Bastion session. • Connect to a compute instance using Managed SSH session. Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1 Complete the following tasks in the provisioned OCI environment: 1. Create a Bastion with the name SPPBTBASTION99233424 -lab.user01 [Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13 2. Create a Session with the name PBT-1-Session -01, for compute instance in private subnet, with default username as "opc" Explanation: ee the solution below in Explanation. Solutions: Create Bastion: From the navigation menu, select Identity & Security and then click Bastion. In the left navigation pane, select your working compartment under List Scope from the drop -down menu. Click Create Bastion and enter the following details: a. Bastion name: SPPBTBASTION992831403labuser13 b. Configure Networking: i. Target virtual cloud network: Select PBT-BAS-VCN-01 ii. Target Subnet: Select PBT-BAS-SNET -01 (Private Subnet) Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway. c. CIDR block allowlist: 0.0.0.0/0 (from anywhere) You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion. d. Click Create Bastion. After a few minutes, you can see that the Bastion has been successfully created, and the state is Active. Create a Bastion Session: From the navigation menu, select Identity & Security and then click Bastion. In the left navigation pane, select your working compartment under List Scope from the drop -down menu. Click the SPPBTBASTION992831403labuser13 bastion. Click Create a Session and enter the following details: a. Bastion name: PBT-1-Session -01 b. Session type: Select Managed SSH session. c. Session name: PBT-1-Session -01 d. Username: Enter opc e. Compute instance in: Select PBT-BAS- VM-01. Note: Click Change compartment and select the working compartment to locate VCN for the compute instance. f. Add SSH key g. Click Generate SSH key pair. h. Click Save private key. This will save the private key to your local workstation. i. Click Save public key. This will save the public key to your local workstation. j. Click Create session. After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.
Challenge 3 - Task 4 of 4 Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time -bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access. To complete this deployment, you have to perform the following tasks in the environment provisioned for you: • Configure a Virtual Cloud Network (VCN) and a Private Subnet. • Provision a Compute Instance in the private subnet and enable Bastion Plugin. • Create a Bastion and Bastion session. • Connect to a compute instance using Managed SSH session. Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1 Complete the following tasks in the provisioned OCI environment: Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell. Explanation: Solutions: ee the solution below in Explanation. From the navigation menu, select Identity & Security and then click Bastion. In the left navigation pane, select your working compartment under List Scope from the drop -down menu. Click the SPPBTBASTION992831403labuser13 bastion. Click the three dots next to the PBT-1-Session -01 managed SSH session to open the Actions menu and click the View SSH command. Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file) Use a Notepad text editor to replace <privateKey> with the private key of the SSH key pair that you provided when you created the session. a. For example: perl ssh -i ssh-key-2023 -08-02.key -o ProxyCommand="ssh -i ssh-key-2023 -08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us -ashburn - 1.oci.oraclecloud.com" -p 22 opc@10.0.1.162 Click the Cloud Shell icon at the right of the OCI console header. Verify that you are in the home directory. a. cd ~ Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell. The file will be named similarly to ssh-key-<date>.key. Locate and change the permission of the private key by executing the following commands: a. ls b. chmod 400 <private key file> Run the SSH command to connect the compute instance in the private subnet. a. For example: perl ssh -i ssh-key-2023 -08-02.key -o ProxyCommand="ssh -i ssh-key-2023 -08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us -ashburn - 1.oci.oraclecloud.com" -p 22 opc@10.0.1.162 Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?” 13. Verify the connected instance's Private IP address. a. ifconfig Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01. Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.
When creating an OCI Vault, which factors may lead to select the Virtual Private Vault? Select TWO correct answers
