Topic 1 Question 992

AWS Certified Solutions Architect - Associate

Topic 1 Question 992
A company's software development team needs an Amazon RDS Multi-AZ cluster. The RDS cluster will serve as a backend for a desktop client that is deployed on premises. The desktop client requires direct connectivity to the RDS cluster.

The company must give the development team the ability to connect to the cluster by using the client when the team is in the office.

Which solution provides the required connectivity MOST securely?
- Create a VPC and two public subnets. Create the RDS cluster in the public subnets. Use AWS Site-to-Site VPN with a customer gateway in the company's office.
- Create a VPC and two private subnets. Create the RDS cluster in the private subnets. Use AWS Site-to-Site VPN with a customer gateway in the company's office.
- Create a VPC and two private subnets. Create the RDS cluster in the private subnets. Use RDS security groups to allow the company's office IP ranges to access the cluster.
- Create a VPC and two public subnets. Create the RDS cluster in the public subnets. Create a cluster user for each developer. Use RDS security groups to allow the users to access the cluster.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: B
  This is B site to site von adds additional security. We are going for more secure.
  
  👍 6
  blehbleh2024/10/09
- 正解だと思う選択肢: B
  The Correct Answer is B. Explanation: VPC and Private Subnets: By placing the RDS cluster in private subnets, you ensure that the RDS cluster is not publicly accessible from the internet. This significantly improves security as the database is only accessible through secure channels, not directly from the public internet.
  
  AWS Site-to-Site VPN: Using a Site-to-Site VPN establishes a secure, encrypted connection between the on-premises office and the AWS environment. This provides secure access to the RDS cluster without exposing it to the internet, ensuring that the developers can only access the cluster when connected to the office network.
  
  Customer Gateway: The customer gateway is configured in the company's office to handle the VPN connection, providing secure connectivity for the desktop client to the RDS cluster when the development team is in the office.
  
  👍 6
  Bwhizzy2024/10/15
- 正解だと思う選択肢: C
  The goal is to limit the team to only being in the office to be in the RDS cluster, so wouldn't checking IP ranges based on the office network rather than bringing up the internet be better suited to what you really need?
  
  👍 3
  kbgsgsgs2024/10/04
シャッフルモード

ユーザの投票

コメント(3)