Topic 1 Question 151
2 つ選択A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet. Which solutions will meet these requirements?
Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
Use rules in AWS WAF to prevent internet access. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.
Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet access. Deny access to all AWS Regions except ap-northeast-3.
Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS Region other than ap-northeast-3.
Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of ap-northeast-3.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: AC👍 13Six_Fingered_Jose2022/10/26
https://aws.amazon.com/blogs/aws/new-for-aws-control-tower-region-deny-and-guardrails-to-help-you-meet-data-residency-requirements/ *Disallow internet access for an Amazon VPC instance managed by a customer
👍 9rjam2022/11/15- 正解だと思う選択肢: CE
A - CANNOT BE!!! AWS Control Tower is not available in ap-northeast-3! Check your consolle.
👍 4AlessandraSAA2023/03/15
シャッフルモード