A. Create two DRGs in the tenancy, attach one VCN to one of the DRGs, and attach the other VCN to the second DRG. In each of the DRGs, create a remote peering connection (RPC) and establish a connection from one RPC to the other. In each of the VCNs’ route table, add a route rule to the other VCN using the DRG as the next hop.

B. Create a dynamic routing gateway (DRG) in the tenancy, add the two VCNs as VCN attachments, and add routes in each of the VCN route tables with the DRG as the next hop for the CIDR prefix of the other VCN.

C. Add an LPG to each of the VCNs. In one of the LPGs, establish a peering connection to the other LPG. In each of the VCNs’ route table, add a route rule to the other VCN using the LPG as the next hop.

D. Create a DRG in the tenancy, add one of the VCNs as a VCN attachment. In the other VCN, create a local peering gateway (LPG). Peer the DRG to the LPG. In the VCN attached to the DRG, add a route rule in the route table that points to the DRG as the next hop. In the other VCN, add a route rule in the route table that points to the LPG as the next hop.

E. Create a DRG in the tenancy, add one of the VCNs as a VCN attachment. In the other VCN, create a local peering gateway (LPG). Peer the DRG to the LPG. In the VCN attached to the DRG, enable BGP routing for the route to propagate to the VCN. In the other VCN, add a route rule in the route table that points to the LPG as the next hop.

A. With a service gateway, you would need one gateway, whereas in an architecture based on private endpoints, you would need six endpoints.

B. If ever needed, service gateways and private endpoints would both support reverse connections from OCI back into your environment.

C. To route traffic from within the VCN to the databases, in both cases you would need to configure routes in your routing tables. In the case of service gateways, the route would point to the gateway, and in the case of private endpoints the route would point to the endpoint.

A. Rate limiting to restrict the number of requests from a single IP

B. Network Address List (NAL) for authorized users

C. CAPTCHA challenge to all incoming traffic

A. Create a firewall rule for each IP address category (malicious, competitor, trusted, partner) and use the BLOCK or ALLOW actions. Create an access control rule for each user agent or HTTP method condition and use the ALLOW or REDIRECT actions.

B. Create a network address list for each IP address category (malicious, competitor, trusted,partner) and use it in your firewall rules. Create an access control rule for each user agent or HTTP method condition and use the ALLOW or REDIRECT actions.

C. Create both a firewall and network rules for each IP address category (malicious, competitor,trusted, partner) and use the BLOCK or ALLOW actions. Create an access control rule for each user agent or HTTP method condition and use the REDIRECT or DENY actions.

A. Create VCN peering connections between the central shared-services VCN and each application VCN in each business unit’s OCI tenancy by using a local peering gateway in the shared services VCN for each business unit.

B. Create a dynamic routing gateway. Create an IPSec attachment to each application VCN. Create a VPN connection from each VCN to the shared services VCN. Provide full mesh connectivity among all the VCNs. Traffic will be encrypted end to end from the application to the shared services VCN.

C. Create a dynamic routing gateway. Create a cross-tenancy VCN attachment to each application VCN. Modify the routing tables of each attachment to import the shared-services VCN.

A. Deploy a third-party firewall appliance in a separate private subnet and update the route table on the service gateway to first send the inbound traffic to the private IP address of the firewall. No changes are required to the applications subnet.

B. Deploy a third-party firewall appliance in a separate private subnet and update the route table on the service gateway to first send the inbound traffic to the private IP address of the firewall. The routing table of the applications subnet must be manually updated.

C. Have the OCI service gateway perform in-depth and Layer 3 and 7 security inspections and provide the documentation to the CISO for their approval.

A. Create a new routing table in your VCN with a destination of 172.16.0.0/16 and a target of the DRG. Associate this routing table to your SGW.

B. Go to your SGW and create a new routing table with a destination of 172.16.0.0/16 and a target of the DRG. Click Enable.

C. Go to your DRG and export the routes from your on-premises network to your SGW dynamically by using BGP.

A. Create a static route in the dynamic routing gateway pointing to your on-premises network.

B. Set up rules in the hub VCN route tables that will direct traffic from each local peering gateway (LPG) on the hub VCN to the dynamic routing gateway (DRG), and from the DRG to each LPG.

C. Assign the Network Security Group to the local peering gateway.

D. Associate VCN route tables from the hub VCN with the hub VCN’s local peering gateways and dynamic routing gateway attachment.

E. Establish a connection between each spoke VCN and the hub VCN.