Oracle Cloud Infrastructure 2020 Architect Professional — Question 8

A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using compute instances for its web-tier and DB
System database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the hospital hired an IT security professional to check their systems.
It was found that there were a lot of unauthorized requests coming from a set of IP addresses originating from a county in Southeast Asia.
Which option can mitigate this type of attack? (Choose the best answer.)

Answer options

• A. Block the attacking IP addresses by creating a Security List rule to deny access to the subnet where the web server is running.
• B. Block the attacking IP addresses by creating a Network Security Group rule to deny access to the compute instance where the web server is running.
• C. Implementing an OCI Web Application Firewall Bot Management policy to identify the attacking IP addresses and mitigate the threat.
• D. Block the attacking IP addresses by implementing an OCI Web Application Firewall policy using Access Control Rules.

Correct answer: D

Explanation

The correct answer is D because an OCI Web Application Firewall policy with Access Control Rules is specifically designed to manage and mitigate threats from malicious IP addresses. Options A and B only block access at the subnet or instance level, which may not be as effective against dynamic or changing attack sources. Option C, while useful for bot management, does not explicitly block the malicious IPs, making it less effective in this scenario.