Topic 1 Question 30
A company runs an Amazon SageMaker domain in a public subnet of a newly created VPC. The network is configured properly, and ML engineers can access the SageMaker domain. Recently, the company discovered suspicious traffic to the domain from a specific IP address. The company needs to block traffic from the specific IP address. Which update to the network configuration will meet this requirement?
Create a security group inbound rule to deny traffic from the specific IP address. Assign the security group to the domain.
Create a network ACL inbound rule to deny traffic from the specific IP address. Assign the rule to the default network Ad for the subnet where the domain is located.
Create a shadow variant for the domain. Configure SageMaker Inference Recommender to send traffic from the specific IP address to the shadow endpoint.
Create a VPC route table to deny inbound traffic from the specific IP address. Assign the route table to the domain.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: B
That's basic network topic.
👍 2GiorgioGss2024/11/27 - 正解だと思う選択肢: B
Protection at subnet level: Network ACL. Specific IP addresses can be denied at inbound connection level
👍 2Saransundar2024/12/04 - 正解だと思う選択肢: B
There is no deny in SG's - only allows- So NACL is the clear answer here
👍 1Certified1012025/02/04
シャッフルモード