You are designing an OCI networking architecture for a multi-tier application using Infrastructure as Code (IaC). The architecture includes an OKE cluster for the front-end, a set of Compute instances for the back-end, and an Autonomous Database. You want to ensure that all traffic between these components is encrypted. You are using Transport Layer Security (TLS) for end-to-end encryption but are concerned about the overhead of encrypting all traffic within the VCN. Which approach provides the MOST balanced trade-off between security and performance, minimizing the overhead of encryption while still protecting sensitive data?
Goal: Balance security and performance with encryption in a VCN.
Option A: TLS only to the load balancer leaves internal traffic unencrypted, risking exposure---insufficient security.
Option B: mTLS everywhere maximizes security but adds significant overhead (e.g., certificate management), impacting performance---overkill.
Option C: NSGs/Security Lists control access but don't encrypt traffic---lacks protection for sensitive data.
Option D: TLS between OKE and Compute secures app-tier communication. Oracle Database Vault ensures ADB traffic is encrypted efficiently, leveraging built-in features---balanced approach.
Conclusion: Option D optimizes security and performance.
Oracle states:
'Use TLS for application traffic between tiers. Autonomous Database with Database Vault provides encryption in transit and at rest, minimizing overhead.'
This supports Option D. Reference: Security in OCI Networking - Oracle Help Center (docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityoverview.htm).