Oracle Cloud Infrastructure 2021 Multicloud Architect Associate — Question 23

You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server
(192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added.
What solution should you recommend? (Choose the best answer.)

Answer options

• A. The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit.
• B. Advertise a 192.168.10.10/32 route over the VPN.
• C. Advertise a 192.168.10.10/32 router over the FastConnect.
• D. The instances will communicate by default over the FastConnect private virtual circuit, which ensures data is encrypted in-transit.

Correct answer: B

Explanation

The correct answer is B because advertising the 192.168.10.10/32 route over the VPN allows the OCI compute instance to communicate securely with the on-premises server through the IPsec tunnel, which encrypts the data in transit. Option A is incorrect because it does not consider that no static configuration is in place, so without advertising the route, the VPN will not be utilized. Options C and D are incorrect as they do not provide encryption for the HTTP communication; FastConnect does not inherently encrypt data.