Topic 1 Question 190
2 つ選択A healthcare company is using an Amazon SageMaker notebook instance to develop machine learning (ML) models. The company's data scientists will need to be able to access datasets stored in Amazon S3 to train the models. Due to regulatory requirements, access to the data from instances and services used for training must not be transmitted over the internet.
Which combination of steps should an ML specialist take to provide this access?
Configure the SageMaker notebook instance to be launched with a VPC attached and internet access disabled.
Create and configure a VPN tunnel between SageMaker and Amazon S3.
Create and configure an S3 VPC endpoint Attach it to the VPC.
Create an S3 bucket policy that allows traffic from the VPC and denies traffic from the internet.
Deploy AWS Transit Gateway Attach the S3 bucket and the SageMaker instance to the gateway.
ユーザの投票
コメント(6)
I think the answer is CD.
👍 7dunhill2022/11/28- 正解だと思う選択肢: AC
A and C seems fine
👍 6Amit110119962022/11/29 - 正解だと思う選択肢: AC
A and C are correct. To disable direct internet access, you can specify a VPC for your notebook instance. By doing so, you prevent SageMaker from providing internet access to your notebook instance. As a result, the notebook instance can't train or host models unless your VPC has an interface endpoint (AWS PrivateLink) or a NAT gateway and your security groups allow outbound connections. https://docs.aws.amazon.com/sagemaker/latest/dg/appendix-notebook-and-internet-access.html https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-interface-endpoint.html D is wrong. Bucket policy cant be used to deny internet access. It can only enforce access from VPC or VPC endpoint
👍 2blanco7502023/03/19
シャッフルモード