Topic 1 Question 91
A company has applications that run on Amazon EC2 instances in a VPC. One of the applications needs to call the Amazon S3 API to store and read objects. According to the company's security regulations, no traffic from the applications is allowed to travel across the internet. Which solution will meet these requirements?
A. Configure an S3 gateway endpoint.
B. Create an S3 bucket in a private subnet.
C. Create an S3 bucket in the same AWS Region as the EC2 instances.
D. Configure a NAT gateway in the same subnet as the EC2 instances.
Comments (6)
- Selected answer: A
Gateway endpoints provide reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC. It should be option A.
https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html
👍 17 ArielSchivo 2022/10/17
- Selected answer: A
CORRECT The correct solution is Option A (Configure an S3 gateway endpoint.)
A gateway endpoint is a VPC endpoint that you can use to connect to Amazon S3 from within your VPC. Traffic between your VPC and Amazon S3 never leaves the Amazon network, so it doesn't traverse the internet. This means you can access Amazon S3 without the need to use a NAT gateway or a VPN connection.
WRONG Option B (creating an S3 bucket in a private subnet) is not a valid solution because S3 buckets do not have subnets.
Option C (creating an S3 bucket in the same AWS Region as the EC2 instances) is not a requirement for meeting the given security regulations.
Option D (configuring a NAT gateway in the same subnet as the EC2 instances) is not a valid solution because it would allow traffic to leave the VPC and travel across the Internet.
👍 8 Buruguduystunstugudunstuy 2022/12/21
- A is correct
👍 1 Wpcorgan 2022/11/21
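A way to verify the setup discussed in this thread, as an added example that is not part of the original comments: the functions read route tables in the shape returned by `aws ec2 describe-route-tables` and report whether S3 is reached through a gateway endpoint route and whether any internet path remains. All IDs, including the S3 prefix list ID, are constructed placeholders, and the function names are hypothetical.

```python
# Added example. Route tables use the shape of `aws ec2 describe-route-tables`
# output; every ID below is a constructed placeholder.
S3_PL = "pl-0exampleS3"  # assumed S3 prefix list ID for the Region
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ENDPOINT = {"DestinationPrefixListId": S3_PL, "GatewayId": "vpce-0example", "State": "active"}
NAT_DEFAULT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}

ENDPOINT_ONLY_RT = {"RouteTableId": "rtb-0exampleA", "Routes": [LOCAL, ENDPOINT]}
NAT_ONLY_RT = {"RouteTableId": "rtb-0exampleB", "Routes": [LOCAL, NAT_DEFAULT]}
MIXED_RT = {"RouteTableId": "rtb-0exampleC", "Routes": [LOCAL, ENDPOINT, NAT_DEFAULT]}


def audit_s3_path(route_table, s3_prefix_list_id):
    """Return (has_endpoint_route, internet_targets) for one route table."""
    has_endpoint_route = False
    internet_targets = []
    for route in route_table.get("Routes", []):
        if route.get("State", "active") != "active":
            continue  # blackhole routes carry no traffic
        gateway = route.get("GatewayId") or ""
        # A gateway endpoint appears as a prefix-list route targeting vpce-...
        if route.get("DestinationPrefixListId") == s3_prefix_list_id and gateway.startswith("vpce-"):
            has_endpoint_route = True
        # A default route to an IGW, NAT or egress-only IGW is an internet path.
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        target = (route.get("NatGatewayId")
                  or route.get("EgressOnlyInternetGatewayId") or gateway)
        if is_default and target.startswith(("igw-", "nat-", "eigw-")):
            internet_targets.append(target)
    return has_endpoint_route, internet_targets


def verdict(route_table, s3_prefix_list_id=S3_PL):
    has_endpoint_route, internet_targets = audit_s3_path(route_table, s3_prefix_list_id)
    if not has_endpoint_route:
        return "FAIL: no S3 gateway endpoint route"
    if internet_targets:
        # S3 still uses the endpoint (more specific route), other traffic may not.
        return "WARN: internet path remains via " + ", ".join(internet_targets)
    return "PASS"


if __name__ == "__main__":
    for rt in (ENDPOINT_ONLY_RT, NAT_ONLY_RT, MIXED_RT):
        print(rt["RouteTableId"], verdict(rt))
```

The WARN case matters for the question's wording: with both routes present, S3 calls take the endpoint, but other application traffic can still leave through the NAT gateway.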