Topic 1 Question 159
A global company handles a large amount of personally identifiable information (PII) through an internal web portal. The company’s application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the PII in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet.
What should a SysOps administrator do to meet the compliance requirement?
A. Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
B. Configure AWS Network Firewall to redirect traffic to the internal S3 address.
C. Modify the application to use the S3 path-style endpoint.
D. Set up a range of VPC network ACLs to redirect traffic to the internal S3 address.
Comments (4)
Ans: A!
👍 3 Liongeek 2022/11/16
Selected answer: A
Using the interface endpoint, applications in your on-premises data center can easily query S3 buckets over AWS Direct Connect or Site-to-Site VPN. https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
👍 3 Xelnak 2022/11/18
This question is written wrong. For S3 there is no interface VPC endpoint. S3 and DynamoDB use VPC Gateway Endpoint. Interface VPC endpoints require ENI and S3 doesn't use it.
👍 2 beznika 2022/12/03