1z0-997-20 Exam - Question 10


You designed and deployed your Autonomous Data Warehouse (ADW) so that it is accessible from your on-premise data center and servers running on both private and public networks in Oracle Cloud Infrastructure (OCI).

As you are testing the connectivity to your ADW database from the different access paths, you notice that the server running on the private network is unable to connect to ADW.

Which two steps do you need to take to enable connectivity from the server on the private network to ADW? (Choose two.)

Correct Answer: BC

To enable connectivity from the server on the private network to the Autonomous Data Warehouse (ADW), you need to add an entry in the route table associated with the private subnet for routing the traffic through the NAT Gateway, and you need to update the access control list (ACL) of ADW to include the IP address of the NAT Gateway. Adding an entry in the route table with a destination of 0.0.0.0/0 and the target type of NAT Gateway allows the private subnet to route traffic to external networks using the NAT Gateway. Including the NAT Gateway's public IP address in the ACL ensures that ADW can accept connections from the private network routed through the NAT Gateway. Option A, which suggests modifying the security list of ADW, is not correct because ADW does not have security lists; it uses ACLs to control access.
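A small model of the two checks described above, added here as an illustration; it is not part of the original question or any Oracle tooling. It uses the NAT gateway public IP 129.145.160.11 and the private CIDR 10.2.2.0/24 quoted in the discussion below; the ADW endpoint address, the rule format and all function names are constructed assumptions.

```python
import ipaddress

NAT_PUBLIC_IP = "129.145.160.11"  # NAT gateway public IP quoted in the discussion
ADW_ENDPOINT = "203.0.113.10"     # constructed placeholder (documentation range)
NAT_ROUTE = [{"destination": "0.0.0.0/0", "target": "NAT_GATEWAY"}]

def next_hop(route_rules, dest_ip):
    """Return the target of the most specific route rule matching dest_ip, or None."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(r["destination"]), r["target"]) for r in route_rules]
    matches = [m for m in matches if dest in m[0]]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_seen_by_adw(route_rules):
    """Source address ADW observes for traffic leaving the private subnet."""
    if next_hop(route_rules, ADW_ENDPOINT) == "NAT_GATEWAY":
        return NAT_PUBLIC_IP  # NAT replaces the private source address
    return None               # no rule matches: traffic never leaves the subnet

def acl_allows(acl_entries, source_ip):
    """True if the observed source address falls inside any ACL entry."""
    if source_ip is None:
        return False
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(e, strict=False) for e in acl_entries)

def can_connect(route_rules, acl_entries):
    """Both conditions must hold: a route out, and an ACL entry for the NAT IP."""
    return acl_allows(acl_entries, source_seen_by_adw(route_rules))

def audit():
    """Evaluate the combinations argued over in the discussion."""
    return {
        "acl_entry_but_no_route": can_connect([], [NAT_PUBLIC_IP]),
        "route_plus_private_cidr_in_acl": can_connect(NAT_ROUTE, ["10.2.2.0/24"]),
        "route_plus_mistyped_ip_in_acl": can_connect(NAT_ROUTE, ["129.146.160.11"]),
        "route_plus_nat_ip_in_acl": can_connect(NAT_ROUTE, [NAT_PUBLIC_IP]),
    }

if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{name}: {'reachable' if ok else 'blocked'}")
```

Only the last combination is reachable: the private CIDR never appears as a source at ADW, and a one-octet mismatch in the ACL entry blocks the connection just as a missing entry would.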

Discussion

13 comments
ankit89
Dec 11, 2020

B and C are correct, there seems to be an IP typo though.

Osong
Nov 13, 2020

Not true. The ADW has no idea what the private IP address means to it. It needs the public IP of the NAT gateway. It should be B and C.

fhoyos
Nov 7, 2020

A&B.. Correct

fhoyos
Nov 17, 2020

Correct is B&C. The NAT gateway IP address is required to be in the ACL. Ensure that the Access Control List for the Autonomous Database (ADB) has the necessary entries for CIDR Block ranges and IP addresses. When connecting to ADB from a server running on a private subnet (on the same OCI tenancy as the ADB), ensure that you have a service gateway or NAT gateway attached to the VCN. The route table for the subnet needs to have the appropriate routing rules for the service gateway or NAT gateway. The security lists for the subnet will need to have the right egress rules.

rc_1030
Nov 20, 2020

Answer C and the NAT Gateway Public IP address doesn't match. Suppose it's a typo, otherwise C cannot be the answer

plafaurie
Aug 30, 2021

C is wrong, because the IP address in the graph is 129.145.160.11 and in the answer it is 129.146.160.11; the second octet is different.

plafaurie
Sep 7, 2021

I did the exam and I passed, they asked me this question, the IPs are the same between the diagram and the answer, therefore the answer C is correct.

AJ22
Dec 9, 2021

We need two answers here.

bjmC
Nov 29, 2020

It's B and E. So, we largely agree that B is correct. So it's down to whether the Access Control List needs the CLIENT or the PRIVATE SUBNET adding. C is wrong as the question isn't about accessing from the CLIENT computer, it's about accessing from the PRIVATE SUBNET.

bjmC
Nov 29, 2020

Scratch that - helps if I can read the IP addresses correctly. It's B and C!

EaglEyeZ
Dec 22, 2021

B & C are the correct options. Please see: https://docs.oracle.com/en-us/iaas/adbnetworkaccess/network-access-control-list-notes.html

m_b_g
Options: BC
Dec 24, 2021

B&C are correct answers.

Scipio88
Jan 4, 2022

Correct Answers are B and C. Can someone update the answers?

For Option A: Security List, since sec lists are at subnet level ADW doesn’t have a security list. If it did have a list, it would need source, dest, and type of traffic. Not enough info for option A and doesn’t apply to ADW.

For Option D: Resources that need to connect to the Internet must be in a PUBLIC subnet and have a PUBLIC IP address. A private subnet would need to go through a NAT. Therefore, Option D is not valid.

For Option E: is ruled out due to the given CIDR block being private when a public one is needed. That’s why it goes through the NAT.

ADW Access Control List (ACL): IP address in the ACL is the PUBLIC facing address on the public internet that you want to grant access. CIDR Block is the public CIDR block of the clients that are visible on the public internet that you want to grant access.

Scipio88
Jan 4, 2022

Correct Answers are B and C, here are the documentation links for the explanation I gave:
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Database/Tasks/adbcreating_topic-Adding_an_access_control_list_ACL_to_your_database.htm
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/adbnetworkaccess/network-access-control-list-configure.html
https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/network-access-control-list-configure.html#GUID-B6389402-3F4D-45A2-A4DE-EAF1B31D8E50

30th
Options: BC
Jan 29, 2022

B,C... ignoring the typo in the answer C

Attaxhan
Feb 24, 2022

In the exam today.

Ludo
Options: BC
Jan 9, 2023

A is wrong because the ADW has no Security List.
B is correct as the private subnet needs a route entry to exit to the internet through the NAT gateway.
C is "correct" because the ADW's ACL needs an entry for 129.145.160.11 (either the diagram or the C answer has got a typo, the second octet should match).
D is wrong, a private subnet has no use for an Internet Gateway.
E is wrong, as the 10.2.2.0/24 CIDR block is hidden by the NAT Gateway and not visible to the ADW.