Multiple Choice
A company's application runs in a VPC and stores sensitive data in Amazon S3. The application's Amazon EC2 instances are located in a private subnet with a NAT gateway deployed in a public subnet to provide access to Amazon S3. The S3 bucket is located in the same AWS Region as the EC2 instances. The company wants to ensure that this bucket can be accessed only from the VPC where the application resides. Which changes should a network engineer make to the architecture to meet these requirements?
A) Delete the existing S3 bucket and create a new S3 bucket inside the VPC in the private subnet. Configure the S3 security group to allow only the application instances to access the bucket.
B) Deploy an S3 VPC endpoint in the VPC where the application resides. Configure an S3 bucket policy with a condition to allow access only from the VPC endpoint.
C) Configure an S3 bucket policy, and use an IP address condition to restrict access to the bucket. Allow access only from the VPC CIDR range, and deny all other IP address ranges.
D) Create a new IAM role for the EC2 instances that provides access to the S3 bucket, and assign the role to the application instances. Configure an S3 bucket policy to allow access only from the role.
Correct Answer:
Verified
Correct Answer:
Verified
Q215: An organization has multiple applications running in
Q216: A company has a hybrid IT architecture
Q217: Your organization has a newly installed 1-Gbps
Q218: Your company maintains an Amazon Route 53
Q219: Considering your knowledge of both the OSI
Q221: You need to find the MTU used
Q222: You have been asked to monitor traffic
Q223: You need to set up an Amazon
Q224: An organization processes consumer information submitted through
Q225: Which is not a valid Route 53