Topic 1 Question 116
Select two.
A machine learning (ML) specialist wants to secure calls to the Amazon SageMaker Service API. The specialist has configured Amazon VPC with a VPC interface endpoint for the Amazon SageMaker Service API and is attempting to secure traffic from specific sets of instances and IAM users. The VPC is configured with a single public subnet. Which combination of steps should the ML specialist take to secure the traffic?
A. Add a VPC endpoint policy to allow access to the IAM users.
B. Modify the users' IAM policy to allow access to Amazon SageMaker Service API calls only.
C. Modify the security group on the endpoint network interface to restrict access to the instances.
D. Modify the ACL on the endpoint network interface to restrict access to the instances.
E. Add a SageMaker Runtime VPC endpoint interface to the VPC.
Comments (9)
- 👍 15 mona_mansour 2021/10/12
- Selected answer: AC

A - A VPC endpoint policy can limit access to a specific group of users/roles.
Not B - Setting an IAM user policy can limit user access to other AWS services but does not secure the traffic.
C - “specific” sets of instances - means security rules at the instance level.
Not D - An ACL (access control list) allows or denies specific inbound or outbound traffic at the subnet level.
Not E - The VPC is configured with a public subnet; adding an interface without limiting the traffic means it is not secure.
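
The two controls named in options A and C, written out as a CloudFormation fragment. This is an added example, not part of the original question or comments; the account ID, user names and parameter names are placeholders.

```yaml
# Added example: every identifier below is a placeholder.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  ClientInstanceSg:            # security group worn by the approved instances
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  # Option C: the security group on the endpoint network interface admits
  # HTTPS only from instances that carry ClientInstanceSg.
  EndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS to the SageMaker API endpoint from approved instances
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref ClientInstanceSg
  SageMakerApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.sagemaker.api"
      VpcId: !Ref VpcId
      SubnetIds:
        - !Ref SubnetId
      SecurityGroupIds:
        - !Ref EndpointSg
      PrivateDnsEnabled: true
      # Option A: the endpoint policy names the IAM users allowed to call
      # the SageMaker API through this endpoint. With no PolicyDocument,
      # the default endpoint policy allows full access.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS:
                - arn:aws:iam::111122223333:user/ml-user-1
                - arn:aws:iam::111122223333:user/ml-user-2
            Action: "sagemaker:*"
            Resource: "*"
```
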
👍 5 wisoxe8356 2022/12/06
The VPC endpoint is already available, waiting to be configured. No need to add one. A and E are out. Furthermore, if an IAM endpoint is not set, a default one will be provided and you can't have more than 1 IAM policy but can modify the one that's available. Restrict access to only calls coming from the VPC, then modify the security group to give access to the user group or roles that need access to that notebook. I think the answer is B and C.
👍 3 msamory 2021/10/24