B and C are correct, there seems to be an IP typo though.

Not true. the ADW has no idea what the private IP address means to it. It needs the public IP of the NAT gateway. It should be B and C

A is wrong because the ADW has no Security List. B is correct as the private subnet needs a route entry to exit on internet through the NAT gateway C is "correct" because the ADW's ACL needs an entry for 129.145.160.11 (either the diagram or the C answer has got a typo, the second octect should match). D is wrong, a private subnet has no use for an Internet Gateway E is wrong, as the 10.2.2.0/24 CIDR block is hidden by the NAT Gateway and not visible by the ADW

in the exam today

B,C... ignoring the typo in the answer C

Correct Answers are B and C, here are the documentation links for the explanation I gave: https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Database/Tasks/adbcreating_topic-Adding_an_access_control_list_ACL_to_your_database.htm https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/adbnetworkaccess/network-access-control-list-configure.html https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/network-access-control-list-configure.html#GUID-B6389402-3F4D-45A2-A4DE-EAF1B31D8E50

Correct Answers are B and C Can someone update the answers? For Option A: Security List, since sec lists are at subnet level ADW doesn’t have a security list. If it did have a list it and would need source, dest, and type of traffic. Not enough info for option A and doesn’t apply to ADW. For Option D: Resources that need to connect to the Internet must be in a PUBLIC subnet and have a PUBLIC IP address. A private subnet would need to go through a NAT. Therefore, Option D is not valid. For Option E: is ruled out due to the given CIDR block being private when a public one is needed. That’s why it goes through the NAT. ADW Access Control List (ACL): IP address in the ACL is the PUBLIC facing address on the public internet that you want to grant access. CIDR Block, is the public CIDR block of the clients that are visible on the public internet that you want to grant access.

B&C are correct answers.

B & C are the correct options. please see; https://docs.oracle.com/en-us/iaas/adbnetworkaccess/network-access-control-list-notes.html

C is wrong, because the IP address, in the graph is 129.145.160.11 and in the answer it is 129.146.160.11, it has the second different octet

Its B and E. So - we largely agree that B is correct. So its down to whether the access Contrl List needs the CLIENT or the PRIVATE SUBNET adding. - C is wrong as the question isnt about accessing from the CLIENT computer, its about accessing from the PRIVATE SUBNET.

Answer C and the NAT Gateway Public IP address doesn't match. Suppose it's a typo, otherwise C cannot be the answer

A&B.. Correct