Oracle Cloud Infrastructure 2021 Architect Associate — Question 15

You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system so you have provisioned one using the file storage service (FSS).
You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that the application servers can access file storage service (FSS). The security team changed the settings for the DB System to have read-only access to the file system. However, when they went to test this they are unable to access the (FSS).
What change should you make to allow access to (FSS)?

Answer options

• A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
• B. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateful.
• C. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
• D. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.

Correct answer: A

Explanation

The correct answer, A, is necessary because creating an NFS export option that allows READ_ONLY access ensures the DB System can connect and access the file storage service. The other options either modify security settings that may not directly address the access issue or introduce unnecessary complexity that does not guarantee access.