Topic 1 Question 950
A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems.
Which solution meets these requirements?
Configure AWS Direct Connect to connect to the VPC. Configure the VPC route tables to allow and deny traffic between AWS and on premises as required.
Create an IAM policy to allow access to the AWS Management Console only from a defined set of corporate IP addresses. Restrict user access based on job responsibility by using an IAM policy and roles.
Configure AWS Site-to-Site VPN to connect to the VPConfigure route table entries to direct traffic from on premises to the VPConfigure instance security groups and network ACLs to allow only required traffic from on premises.
Configure AWS Transit Gateway to connect to the VPC. Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: C
AWS Direct Connect does not provide encryption by itself; it is often used in conjunction with VPN for encrypted traffic. Direct Connect primarily offers a dedicated connection and does not inherently satisfy the encryption requirement.
👍 6Abbas_Abi_AWS2024/08/10 - 正解だと思う選択肢: C
C is correct question needs to access between on prem and AWS
👍 4JunsK1e2024/08/03 - 正解だと思う選択肢: C
This is C, but not for all the reasons everyone is posting. D, also encrypts traffic and works at the network layer and also has security controls to prevent unrestricted access between AWS and on-premises systems.
So, if you thought D like I did initially you were very close. The reason it is C, is because C works at both the network and session layer while doing all the other requirements as well. Where as D only works at the network layer.
Happy studying!
👍 3blehbleh2024/10/09
シャッフルモード