Topic 1 Question 142
Select two.
A finance company uses Amazon Redshift as a data warehouse. The company stores the data in a shared Amazon S3 bucket. The company uses Amazon Redshift Spectrum to access the data that is stored in the S3 bucket. The data comes from certified third-party data providers. Each third-party data provider has unique connection details.
To comply with regulations, the company must ensure that none of the data is accessible from outside the company's AWS environment.
Which combination of steps should the company take to meet these requirements?
A. Replace the existing Redshift cluster with a new Redshift cluster that is in a private subnet. Use an interface VPC endpoint to connect to the Redshift cluster. Use a NAT gateway to give Redshift access to the S3 bucket.
B. Create an AWS CloudHSM hardware security module (HSM) for each data provider. Encrypt each data provider's data by using the corresponding HSM for each data provider.
C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.
D. Define table constraints for the primary keys and the foreign keys.
E. Use federated queries to access the data from each data provider. Do not upload the data to the S3 bucket. Perform the federated queries through a gateway VPC endpoint.
Comments (5)
- Answer I think is correct: AE
Shouldn't it be E and not C? Federated Queries: This method allows Redshift to query data directly from external sources without needing to store the data in Amazon S3. By using federated queries, the company can query third-party data sources without moving data into S3, reducing the attack surface. Gateway VPC Endpoint: A gateway VPC endpoint allows secure access to S3 from within the VPC without routing traffic over the public internet. This is crucial for maintaining compliance with regulations by ensuring that no data leaves the AWS environment.
👍 4 kailu 2024/12/21
- Answer I think is correct: AC
A. Replace the existing Redshift cluster with a new Redshift cluster that is in a private subnet. Use an interface VPC endpoint to connect to the Redshift cluster. Use a NAT gateway to give Redshift access to the S3 bucket. C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.
👍 2 EJGisME 2024/09/18
- Answer I think is correct: AC
Why do we need NAT GW when we can have VPC GW or Interface Endpoints for S3 as well?
👍 2 paali 2024/12/16