Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Oracle Exam 1Z0-1104-23 Topic 5 Question 15 Discussion

Actual exam question for Oracle's 1Z0-1104-23 exam
Question #: 15
Topic #: 5
[All 1Z0-1104-23 Questions]

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

* Configure a Virtual Cloud Network (VCN) and a Private Subnet.

* Provision a Compute Instance in the private subnet and enable Bastion Plugin.

* Create a Bastion and Bastion session.

* Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Show Suggested Answer Hide Answer
Suggested Answer: A

Solutions:

From the navigation menu, select Identity & Security and then click Bastion.

In the left navigation pane, select your working compartment under List Scope from the drop-down menu.

Click the SPPBTBASTION992831403labuser13 bastion.

Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click the View SSH command.

Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file)

Use a Notepad text editor to replace with the private key of the SSH key pair that you provided when you created the session.

a. For example:

perl

ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162

Click the Cloud Shell icon at the right of the OCI console header.

Verify that you are in the home directory. a.cd ~

Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell.

The file will be named similarly to ssh-key-<date>.key.

Locate and change the permission of the private key by executing the following commands: a.lsb.chmod 400

Run the SSH command to connect the compute instance in the private subnet. a. For example:

perl

ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162

Note: Enter yes in response to ''Are you sure you want to continue connecting (yes/no)?'' 13. Verify the connected instance's Private IP address. a.ifconfig

Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01.

Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.


Contribute your Thoughts:

Goldie
5 months ago
Yes, it's essential to follow best practices for secure access, especially in a private subnet scenario.
upvoted 0 times
...
Michel
6 months ago
I heard using Bastion Hosts reduces the attack surface and makes remote access more secure.
upvoted 0 times
...
Sophia
6 months ago
I think setting up a Bastion Host is crucial for secure access to private resources.
upvoted 0 times
...
Gail
6 months ago
I agree, it seems complex. But I believe it's important for security.
upvoted 0 times
...
Jaclyn
6 months ago
I found this task challenging. What do you think about setting up a Bastion Host?
upvoted 0 times
...
Louann
6 months ago
I agree. And enabling Bastion Plugin will add an extra layer of protection.
upvoted 0 times
...
Mabel
7 months ago
I think configuring a VCN and a Private Subnet is the first step to secure the environment.
upvoted 0 times
...
Clement
7 months ago
Yes, deploying a public subnet and a jump server can be risky.
upvoted 0 times
...
Louann
7 months ago
I believe using a Bastion Host is necessary for security reasons.
upvoted 0 times
...
Mabel
7 months ago
I agree with you, Setting up a Bastion Host sounds complicated.
upvoted 0 times
...
Clement
7 months ago
I think this task is really challenging.
upvoted 0 times
...
Ettie
8 months ago
Yeah, and then we need to provision the compute instance in the private subnet and enable the Bastion plugin. That's where things start to get interesting.
upvoted 0 times
...
Maryln
8 months ago
Okay, let's break this down step-by-step. First, we need to configure the VCN and private subnet, right? That seems straightforward enough.
upvoted 0 times
...
Arlette
8 months ago
Haha, I'm kind of excited about this, to be honest. It's like a puzzle we have to solve, you know? I love a good challenge like this.
upvoted 0 times
Angelo
7 months ago
Once we enable the Bastion Plugin and create a Bastion session, we should be good to go.
upvoted 0 times
...
Lenna
7 months ago
I think configuring the VCN and private subnet is the first step we need to take.
upvoted 0 times
...
Stevie
7 months ago
I'm ready to set up the Bastion host. It's all about following the steps correctly.
upvoted 0 times
...
Miriam
7 months ago
I agree! This seems like a fun challenge to figure out.
upvoted 0 times
...
...
Joaquin
8 months ago
I'm a little nervous about this one, to be honest. I mean, I understand the concept, but actually implementing it? That's a whole other story.
upvoted 0 times
...
Erick
8 months ago
Yeah, no kidding. I've heard of bastion hosts before, but setting one up to access a private compute instance? That's some advanced stuff right there.
upvoted 0 times
...
Kasandra
8 months ago
Whoa, this question looks pretty intense! Bastion hosts and private subnets? Sounds like we're diving deep into the world of cloud infrastructure security.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77