Oracle Exam 1Z0-1104-23 Topic 5 Question 15 Discussion

Actual exam question for Oracle's 1Z0-1104-23 exam

Question #: 15
Topic #: 5

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

* Configure a Virtual Cloud Network (VCN) and a Private Subnet.

* Provision a Compute Instance in the private subnet and enable Bastion Plugin.

* Create a Bastion and Bastion session.

* Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

ASee the solution below in Explanation

Show Suggested Answer

Suggested Answer: A

Solutions:

From the navigation menu, select Identity & Security and then click Bastion.

In the left navigation pane, select your working compartment under List Scope from the drop-down menu.

Click the SPPBTBASTION992831403labuser13 bastion.

Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click the View SSH command.

Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file)

Use a Notepad text editor to replace with the private key of the SSH key pair that you provided when you created the session.

a. For example:

perl

ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162

Click the Cloud Shell icon at the right of the OCI console header.

Verify that you are in the home directory. a.cd ~

Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell.

The file will be named similarly to ssh-key-<date>.key.

Locate and change the permission of the private key by executing the following commands: a.lsb.chmod 400

Run the SSH command to connect the compute instance in the private subnet. a. For example:

perl

Note: Enter yes in response to ''Are you sure you want to continue connecting (yes/no)?'' 13. Verify the connected instance's Private IP address. a.ifconfig

Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01.

Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.

by Markus at Apr 12, 2024, 01:12 PM

Limited Time Offer

25%

15 days ago

Whoa, this question looks pretty intense! Bastion hosts and private subnets? Sounds like we're diving deep into the world of cloud infrastructure security.

upvoted 0 times

...