In a multi-tier application architecture with separate public and private subnets, where should an OCI Bastion host be placed to provide secure access to resources in the private subnets without exposing them to the internet?
A. Directly in the private subnet.
B. In a dedicated public subnet specifically for Bastion hosts.
C. In a separate VCN peered with the application VCN.
Purpose: Secure access to private subnet resources via Bastion.
Placement Considerations: Must be internet-accessible yet isolated.
Evaluate Options:
A: Private subnet lacks internet access for Bastion; incorrect.
B: Dedicated public subnet balances accessibility and isolation; correct.
C: Separate VCN adds complexity, unnecessary; less optimal.
D: Ambiguous phrasing, but implies exposure; less precise than B.
Conclusion: Dedicated public subnet is the best placement.
OCI Bastion requires public access with security. The Oracle Networking Professional study guide notes, "Place the Bastion host in a public subnet with a dedicated configuration to allow secure SSH access to private subnet resources without exposing them directly" (OCI Networking Documentation, Section: Bastion Host Placement). Option B ensures this balance.