Multiple Choice
A company currently runs a secure application on Amazon EC2 that takes files from on-premises locations through AWS Direct Connect, processes them, and uploads them to a single Amazon S3 bucket. The application uses HTTPS for encryption in transit to Amazon S3, and S3 server-side encryption to encrypt at rest. Which of the following changes should the Solutions Architect recommend to make this solution more secure without impeding the application's performance?
A) Add a NAT gateway. Update the security groups on the EC2 instance to allow access to and from the S3 IP range only. Configure an S3 bucket policy that allows communication from the NAT gateway's Elastic IP address only.
B) Add a VPC endpoint. Configure endpoint policies on the VPC endpoint to allow access to the required Amazon S3 buckets only. Implement an S3 bucket policy that allows communication from the VPC's source IP range only.
C) Add a NAT gateway. Update the security groups on the EC2 instance to allow access to and from the S3 IP range only. Configure an S3 bucket policy that allows communication from the source public IP address of the on-premises network only.
D) Add a VPC endpoint. Configure endpoint policies on the VPC endpoint to allow access to the required S3 buckets only. Implement an S3 bucket policy that allows communication from the VPC endpoint only.
Correct Answer:

Verified