Topic 1 Question 164
A company has created a set of AWS Lambda functions to automate incident response steps for incidents that occur on Amazon EC2 instances. The Lambda functions need to collect relevant artifacts, such as instance ID and security group configuration. The Lambda functions must then write a summary to an Amazon S3 bucket.
The company runs its workloads in a VPC that uses public subnets and private subnets. The public subnets use an internet gateway to access the internet. The private subnets use a NAT gateway to access the internet.
All network traffic to Amazon S3 that is related to the incident response process must use the AWS network. This traffic must not travel across the internet.
Which solution will meet these requirements?
A. Deploy the Lambda functions to a private subnet in the VPC. Configure the Lambda functions to access the S3 service through the NAT gateway.
B. Deploy the Lambda functions to a private subnet in the VPC. Create an S3 gateway endpoint to access the S3 service.
C. Deploy the S3 bucket and the Lambda functions in the same private subnet. Configure the Lambda functions to use the default endpoint for the S3 service.
D. Deploy an Amazon Simple Queue Service (Amazon SQS) queue and the Lambda functions in the same private subnet. Configure the Lambda functions to send data to the SQS queue. Configure the SQS queue to send data to the S3 bucket.
Comments (2)
Selected Answer: B
Answer is B.
A. NAT Gateway: While Lambda functions in a private subnet can access the internet through a NAT gateway, it's not recommended for S3 access due to potential latency and security concerns. An S3 Gateway Endpoint provides a more secure and performant way.
C. Same Subnet: Deploying the S3 bucket and the Lambda functions in the same subnet wouldn't require a special endpoint, but it's not a best practice. S3 buckets are regionally accessible services; keeping them separate from compute resources offers better security isolation.
D. SQS Queue: While SQS can be used for communication between services, it's an unnecessary step in this scenario. The Lambda functions can directly write the incident response summary to the S3 bucket using the S3 Gateway Endpoint.
👍 2  aescudero51  2024/06/01
Selected Answer: B
B: AWS PrivateLink and S3 Gateway Endpoint allow you to keep traffic between your VPC and S3 within the AWS network, avoiding the public internet.
👍 2  navid1365  2024/08/04
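The thread settles on B but does not show how to verify it. Two things go wrong in practice with a gateway endpoint: the endpoint gets created but the route is only added to one route table (subnets that fall back to the VPC main table keep sending S3 traffic through the NAT gateway), and nothing stops the bucket from being reached over the internet anyway. The following is an added example, not code from the question or from either commenter: it builds an endpoint policy scoped to the incident-response bucket, a bucket policy that denies any request not arriving through the endpoint, and a check that every Lambda subnet's effective route table carries the S3 prefix-list route. All identifiers (bucket, VPC endpoint, prefix list, subnets, route tables) are made-up placeholders, and the route-table records are constructed inline in the shape of an EC2 DescribeRouteTables response so the script runs offline without boto3.

```python
import json

# Constructed identifiers for illustration only; none refer to a real account.
BUCKET = "ir-summaries-example"
VPCE_ID = "vpce-0123456789abcdef0"
S3_PREFIX_LIST = "pl-0123abcd"  # placeholder for the region's S3 prefix list
PRIVATE_SUBNET_A = "subnet-0aaaaaaaaaaaaaaaa"
PRIVATE_SUBNET_B = "subnet-0bbbbbbbbbbbbbbbb"


def endpoint_policy(bucket: str) -> dict:
    """Gateway-endpoint policy: only the incident-response bucket is reachable
    through the endpoint, with just the actions the Lambda functions need."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "IncidentResponseBucketOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy that refuses any request not arriving via the endpoint.
    Caveat: this also blocks console/CLI access from outside the VPC, so add
    a break-glass exception for an admin role before applying it for real."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def has_s3_endpoint_route(route_table: dict, s3_prefix_list: str) -> bool:
    """True if the table sends the S3 prefix list to a gateway endpoint."""
    return any(
        r.get("DestinationPrefixListId") == s3_prefix_list
        and r.get("GatewayId", "").startswith("vpce-")
        and r.get("State") == "active"
        for r in route_table.get("Routes", [])
    )


def subnets_missing_endpoint(route_tables: list, subnet_ids: list, s3_prefix_list: str) -> list:
    """Return the subnets whose effective route table lacks the endpoint route.
    A subnet with no explicit association uses the VPC main table, which is
    the table the endpoint route is most often forgotten on."""
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    missing = []
    for subnet in subnet_ids:
        rt = explicit.get(subnet, main)
        if rt is None or not has_s3_endpoint_route(rt, s3_prefix_list):
            missing.append(subnet)
    return missing


# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
SAMPLE_ROUTE_TABLES = [
    {   # main table: NAT egress only, endpoint route never added here
        "RouteTableId": "rtb-0main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
        ],
    },
    {   # private table for subnet A: NAT egress plus the S3 gateway endpoint route
        "RouteTableId": "rtb-0private",
        "Associations": [{"Main": False, "SubnetId": PRIVATE_SUBNET_A}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
            {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": VPCE_ID, "State": "active"},
        ],
    },
]

if __name__ == "__main__":
    print(json.dumps(endpoint_policy(BUCKET), indent=2))
    print(json.dumps(bucket_policy(BUCKET, VPCE_ID), indent=2))
    # Subnet B has no explicit association, inherits the main table, and would
    # still send S3 traffic via the NAT gateway: exactly the gap option A leaves.
    print("subnets missing endpoint route:",
          subnets_missing_endpoint(SAMPLE_ROUTE_TABLES,
                                   [PRIVATE_SUBNET_A, PRIVATE_SUBNET_B], S3_PREFIX_LIST))
```

Against real data you would feed `subnets_missing_endpoint` the `RouteTables` list from `describe-route-tables` and the `SubnetIds` from the function's `VpcConfig`; the prefix list ID comes from `describe-prefix-lists` for `com.amazonaws.<region>.s3`. The endpoint policy and the bucket policy are complementary: the first limits what the VPC can reach through the endpoint, the second makes the endpoint the only way in.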