Oracle Cloud Infrastructure 2020 Architect Associate — Question 52
You have an application server running in a public subnet on a compute instance in the US West (us-phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data on this instance needs to be copied to an OCI Object Storage bucket in the same region without traversing the internet. To enable connectivity between the instance and Object Storage, you created a service gateway with the service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic.
However, when you tried sending the data to the Object Storage bucket, you noticed that the data was going over the internet and not via the service gateway.
What could be the possible reason for this behavior?
Answer options
- A. Identity and Access Management (IAM) policies restrict the access to the object storage bucket.
- B. The service gateway created in the VCN resides in a different availability domain.
- C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0.
- D. The route table associated with the subnet has no route rule where the destination is object storage service.
Correct answer: D
Explanation
The correct answer is D. Creating a service gateway does not by itself change how traffic is routed: if the subnet's route table has no route rule whose destination is the Object Storage service, traffic is not directed through the service gateway and goes over the internet instead. Option A is incorrect because IAM policies manage access permissions but do not affect the routing of traffic. Option B is not valid because service gateways are tied to the VCN, not to an availability domain. Option C could lead to security issues, but it does not explain why the traffic would not use the service gateway.