Which OCI service or feature enables the enforcement of granular, identity-based access controls for packet routing, crucial for implementing Zero Trust principles?
Correct Answer: C
* Zero Trust Principles: Require explicit, identity-based access controls at every network stage.
* Evaluate OCI Services:
  * Internet Gateway: Enables public internet access, no identity-based control.
  * Service Gateway: Provides private service access, no granular routing control.
  * NSGs: Offer stateful, identity-based rules at the VNIC level.
  * DRG: Facilitates routing, not identity-based access control.
* NSG Fit: NSGs allow rules based on VNIC identity, source/destination IP, and ports, aligning with Zero Trust.
* Conclusion: NSGs are the best fit for granular, identity-based routing control.
NSGs are pivotal for Zero Trust in OCI. The Oracle Networking Professional study guide states, "Network Security Groups provide granular, stateful security rules that can be applied to specific VNICs, enabling identity-based access controls essential for Zero Trust architectures" (OCI Networking Documentation, Section: Network Security Groups). Unlike security lists (subnet-level), NSGs offer instance-level precision.