Examice

Exam 1z0-1072-23 All QuestionsBrowse all questions from this exam

Question 24

You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system, therefore you have provisioned one using the file storage service (FSS).

You have also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that the application servers can access FSS. The security team changed the settings for the DB System to have read-only access to the file system. However, when they test it, they are unable to access FSS.

How would you allow access to FSS?

Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.

Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.

Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.

Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateful.

Correct Answer: A

To allow access to the file storage service (FSS) from the DB System with read-only permissions, the correct approach is to create an NFS export option that specifies the allowed access level. NFS export options control access at the NFS protocol level, allowing you to define which IP ranges or subnets can connect to the file system and what level of access they have. By configuring an NFS export option with READ_ONLY access for the CIDR range of the DB System subnet, you ensure that the DB System can access the FSS with the required permissions.

Discussion

partnerexamsOption: A

NFS Export Options: These control access to the file system at the NFS protocol level. You can specify which subnets or IP ranges can access the file system and what level of access (read, write) they have. By creating an NFS export option that grants read-only access to the specific CIDR range of the DB System subnet, you explicitly allow the DB System to access the FSS with the necessary permissions.

MopoOption: A

NFS export options define access permissions for NFS clients accessing the file system. By creating an NFS export option with READ_ONLY access, you restrict the DB System to read-only access. You specify the source of access in the export option, which in this case would be the CIDR range of the DB System subnet. This ensures that only resources within the DB System subnet can access the file system. Configuring the NFS export option in this manner ensures that the DB System has the necessary permissions to access the file system for its read-only operations.

Rod22Option: D

Should be D.