ExamTopics Logo
Mail Us[email protected]
Menu
Oracle Discussions
exam questions

Exam 1z0-932 All Questions

View all questions & answers for the 1z0-932 exam
Go to Exam

Exam 1z0-932 topic 1 question 128 discussion

Actual exam question from Oracle's 1z0-932
Question #: 128
Topic #: 1
[All 1z0-932 Questions]

You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB
System. The application requires a shared file system so you have provisioned one using the file storage service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system.
What change would you make to satisfy this requirement?

  • A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
  • B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read-only access.
  • C. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
  • D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by umarkhan at April 12, 2020, 7:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
umarkhan
Highly Voted 4 years, 10 months ago
A is ans
upvoted 19 times
...
surya274
Highly Voted 4 years, 9 months ago
A is the Correct answer, NFS_Export
upvoted 6 times
...
RahulAzureCertified
Most Recent 1 year, 2 months ago
Selected Answer: D
NFS export (A) is partially correct because creating an NFS export option that allows READ_ONLY access would restrict access to the file system based on the source CIDR range of the DB System subnet. However, it is not the most secure option because it relies on IP-based access control, which can be less secure than access control based on identity and access management (IAM) policies. Therefore, the most secure and appropriate option is to create an instance principal for the DB System and write an IAM policy that allows the instance principal read-only access to the file storage service. This approach provides fine-grained control over access to the file system based on the identity of the DB System, ensuring that only the DB System can access the file system and only for read-only operations.
upvoted 1 times
...
Mohamed79
3 years, 10 months ago
Correct answer is A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago