Multiple Choice
A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in us-west-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. How should an engineer configure the network to meet these requirements?
A) Configure an AWS Direct Connect private virtual interface to the company's AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
B) Configure a VPN connection to the company's AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
C) Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy to send traffic to Amazon S3 over a Direct Connect connection.
D) Configure a VPN connection to the company's AWS VPC in us-west-2. Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
Correct Answer:
Verified
Correct Answer:
Verified
Q96: Which service parses large Flow Logs for
Q97: You have a three-tier web application with
Q98: AWS CloudTrail can be configured to _
Q99: A Network Engineer has enabled VPC Flow
Q100: Your AWS WorkSpaces users are unable to
Q102: Which one of these healthcheck reason codes
Q103: The Web Application Development team is worried
Q104: A customer is using ABC Telecom as
Q105: An unfortunate situation has just come to
Q106: Which service would you use to see