Oracle Cloud Infrastructure 2019 Developer Associate — Question 136

You are a network architect and have designed the network infrastructure of a three-tier application on Oracle Cloud Infrastructure (OCI). In the architecture, back- end DB servers are in a private subnet. One of your DB administrators requests to have access to OCI object storage service.
How can you meet this requirement?

Answer options

• A. Create a service gateway, add a new route rule to the private subnet route table that uses object storage as your service gateway target type
• B. Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnets route table and set the target as DRG
• C. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway
• D. Add a new route rule to the private subnet route table to route default traffic to the internet gateway

Correct answer: A

Explanation

The correct answer is A because creating a service gateway allows private subnets to access OCI services like object storage without exposing them to the public internet. Options B and C involve setting up routes that either go through a dynamic routing gateway or expose the instances to the internet, which does not meet the requirement for secure access to the object storage. Option D simply routes traffic to the internet without addressing the need for access to OCI services.