Oracle Cloud Infrastructure 2023 Architect Associate — Question 25
A recently hired network administrator has been given the task of removing SSH permissions from all compute instances in the company's tenancy. She finds all Virtual Cloud Networks (VCNs) in the tenancy using Tenancy Explorer. She removes port 22 from the Security Lists in all VCNs. After she completes the task, the very first compute instance that she tests SSH against still allows her to SSH into it. Why is that?
Answer options
- A. The VCN where that compute instance resides still has an Internet Gateway.
- B. The VCN where that compute instance resides still has a route rule that allows port 22.
- C. The VNIC of that compute instance is attached to a Network Security Group (NSG) that has a stateful ingress rule for all protocols on source CIDR 0.0.0.0/0.
- D. The VNIC of that compute instance is attached to a Cluster Network that has a stateful ingress rule for all protocols on source CIDR 0.0.0.0/0.
Correct answer: C
Explanation
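The correct answer is C. The compute instance's VNIC is attached to a Network Security Group (NSG) whose stateful ingress rule allows all protocols from source CIDR 0.0.0.0/0, which includes SSH on TCP port 22. NSG rules are evaluated in addition to security list rules, and traffic is allowed if any rule in either permits it, so removing port 22 from every security list does not close the port on that VNIC. Options A and B are incorrect because they do not address the NSG's influence on SSH access: an Internet Gateway and route rules determine where traffic is routed, and route rules do not match on ports. Option D is also incorrect because it refers to a Cluster Network, which does not apply in this context.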
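The check the administrator needed, as an added example that is not part of the exam material: it evaluates security list rules and NSG rules together and reports every rule set that still admits TCP port 22. The rule dictionaries use the field names of OCI's ingress rule JSON (`protocol`, `source`, `tcpOptions.destinationPortRange`); the list names, the NSG name and the test source address are constructed, and the rules are assumed to have been exported from the tenancy beforehand.

```python
import ipaddress

TCP, ALL = "6", "all"  # protocol values as they appear in OCI rule JSON

def rule_allows(rule, src_ip, port):
    """True if a single ingress rule admits TCP traffic from src_ip to port."""
    if rule.get("direction", "INGRESS") != "INGRESS":
        return False  # NSG egress rules are irrelevant to inbound SSH
    if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False  # NSG-to-NSG and service sources are out of scope here
    if rule["protocol"] not in (TCP, ALL):
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["source"]):
        return False
    # No tcpOptions means the rule covers every port.
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]

def open_paths(security_lists, nsgs, src_ip="203.0.113.10", port=22):
    """Name every security list or NSG that still admits the traffic.

    A packet is allowed if any rule in any of them matches, so the port
    is closed only when this list is empty.
    """
    found = []
    for kind, groups in (("security-list", security_lists), ("nsg", nsgs)):
        for name, rules in groups.items():
            if any(rule_allows(r, src_ip, port) for r in rules):
                found.append(f"{kind}:{name}")
    return found

# Constructed sample: port 22 already removed from the security list,
# but the VNIC's NSG still allows all protocols from anywhere.
SECURITY_LISTS = {"default-sl": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
]}
NSGS = {"legacy-nsg": [
    {"direction": "INGRESS", "protocol": "all", "source": "0.0.0.0/0",
     "sourceType": "CIDR_BLOCK", "isStateless": False},
]}

if __name__ == "__main__":
    for path in open_paths(SECURITY_LISTS, NSGS):
        print("SSH still reachable via", path)
```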