Oracle Cloud Infrastructure 2020 Architect Associate — Question 50

As a solution architect, you designed the network infrastructure of a three-tier web application on Oracle Cloud Infrastructure (OCI) and the back-end database servers are put in a private subnet. One of your database administrators requests to have private access to OCI object storage service.
How should you fulfill this request?

Answer options

• A. Add a new route rule to the private subnet route table to route default traffic to the internet gateway.
• B. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway.
• C. Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnets route table and set the target as DRG.
• D. Create a service gateway, add a new route rule to the private subnet route table that uses object storage as target type.

Correct answer: D

Explanation

The correct answer is D because creating a service gateway allows private access to OCI object storage without routing traffic through the internet. Options A and B would expose the instances to the public internet, which is not secure. Option C, while a valid networking setup, does not provide the necessary private access to the object storage service.