Which two statements about file storage service (FSS) are accurate? (Choose two.)
A. FSS leverages UNIX user group and permission checking for file access security
B. Encryption of file system in FSS is optional
C. Identity and Access Management (IAM) controls which file systems are mountable by which instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target within the same subnet
E. Data in transit to an FSS mount target is encrypted
D is not correct, if you look into it carefully, you will find that “within the same subnet” and I think security list can’t control rules within one subnet instances sperately… pls correct me if wrong.
– sec lists are like ACLs so cant be applied in the same subnet, :/ so D is wrong
A and E
E – is correct, as in transit it is encrypted,
A – https://docs.oracle.com/cd/E19253-01/816-4557/secfile-60/index.html
A and D is correct
D = all the required NFS ports must be specified in the Security List such as 111/tcp, 2048-2050/tcp, 111/udp for ingress and egress 111/udp is required.
E = you can enable in-transit encryption using oci-fss-utils as described here https://docs.cloud.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm
So the correct answer is D and E
you are right
Option E cant be correct option, as data is encrypted at rest only not in transit.
so AD is correct answer.
Correct Answer is A,E
Ref.:
https://docs.cloud.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm?Highlight=file%20storage%20service
–> How File Storage Permissions Work
The AUTH_UNIX style of authentication and permission checking is supported for remote NFS client requests.
Yep, D & E
Correct answers: D&E.