Oracle Cloud Infrastructure 2019 Developer Associate — Question 11
You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB
System. The application requires a shared file system so you have provisioned one using the file storage service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system.
What change would you make to satisfy this requirement?
Answer options
- A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
- B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read-only access.
- C. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
- D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
Correct answer: C
Explanation
The correct answer is C because modifying the security list to adjust the ingress rules for the DB System subnet ensures that it maintains read-only access to the file system through stateless rules. Option A is incorrect because NFS export options are not managed through security lists but through the file storage service settings. Option B does not provide a network-level restriction for read-only access and could inadvertently allow write permissions. Option D is also incorrect because creating an instance principal and policy does not directly enforce the read-only requirement at the network level.