Topic 1 Question 70
A company is planning to use Amazon S3 to archive financial data. The data is currently stored in an on-premises data center. The company uses AWS Direct Connect with a Direct Connect gateway and a transit gateway to connect to the on-premises data center. The data cannot be transported over the public internet and must be encrypted in transit. Which solution will meet these requirements?
A. Create a Direct Connect public VIF. Set up an IPsec VPN connection over the public VIF to access Amazon S3. Use HTTPS for communication.
B. Create an IPsec VPN connection over the transit VIF. Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.
C. Create a VPC and attach the VPC to the transit gateway. In the VPC, provision an interface VPC endpoint for Amazon S3. Use HTTPS for communication.
D. Create a Direct Connect public VIF. Set up an IPsec VPN connection over the public VIF to the transit gateway. Create an attachment for Amazon S3. Use HTTPS for communication.
User votes
Comments (10)
👍 4 ILOVEVODKA 2023/03/25 - Selected answer: B
Both B and C are correct. Option B involves double encryption, which is more secure, but it's not explicitly defined in the requirements that it would be required.
👍 4 fojta 2023/03/26 - Selected answer: B
Technically both B and C are possible, but with B encryption is enforced. You can prevent unencrypted S3 actions via bucket policies, but that is not mentioned in the question; see: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-HTTP-HTTPS
In this case an interface VPC endpoint for S3 is also correct, see: https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html > "You can use two types of VPC endpoints to access Amazon S3: gateway endpoints and interface endpoints (by using AWS PrivateLink). A gateway endpoint is a gateway that you specify in your route table to access Amazon S3 from your VPC over the AWS network. Interface endpoints extend the functionality of gateway endpoints by using private IP addresses to route requests to Amazon S3 from within your VPC, on premises, or from a VPC in another AWS Region by using VPC peering or AWS Transit Gateway."
But in this context I would go for B:
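The bucket policy fojta points to is how option C's "HTTPS only" promise can actually be enforced rather than merely assumed: deny any request that is not TLS, and deny any request that does not arrive through the interface endpoint. The following is an added example, not code from the exam page or from any commenter; the bucket name and endpoint ID are constructed placeholders, the condition keys aws:SecureTransport and aws:SourceVpce are the documented ones, and the evaluator is a deliberately simplified model of IAM condition matching covering only the two operators the policy uses.

```python
"""Build an S3 bucket policy enforcing TLS and VPC-endpoint-only access, then
check sample request contexts against it (simplified IAM Deny evaluation)."""
import json

# Constructed placeholder identifiers (not from the page).
BUCKET = "example-financial-archive"
VPCE_ID = "vpce-0123456789abcdef0"


def build_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Two explicit Deny statements: non-TLS requests, and requests whose
    source is not the named interface endpoint (public-internet paths
    carry no aws:SourceVpce key, so they are denied as well)."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
            {"Sid": "DenyOutsideEndpoint", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
             "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}},
        ],
    }


def _condition_matches(cond: dict, ctx: dict) -> bool:
    """Bool: a missing key never matches. StringNotEquals: a missing key
    DOES match, mirroring how IAM treats negated operators."""
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "Bool":
                if have is None or str(have).lower() != want:
                    return False
            elif op == "StringNotEquals":
                if have == want:
                    return False
            else:
                raise NotImplementedError(op)
    return True


def is_denied(policy: dict, ctx: dict) -> bool:
    """True if any Deny statement's condition matches the request context."""
    return any(s["Effect"] == "Deny" and _condition_matches(s["Condition"], ctx)
               for s in policy["Statement"])


POLICY = build_bucket_policy(BUCKET, VPCE_ID)
# Constructed request contexts, i.e. the keys S3 would populate per request.
REQUESTS = {
    "https_via_endpoint": {"aws:SecureTransport": "true", "aws:SourceVpce": VPCE_ID},
    "http_via_endpoint": {"aws:SecureTransport": "false", "aws:SourceVpce": VPCE_ID},
    "https_public_internet": {"aws:SecureTransport": "true"},
}
```

Only the TLS request arriving through the endpoint is allowed through; `json.dumps(POLICY, indent=2)` gives the document to attach to the bucket.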
👍 4 that1guy 2023/04/10