Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 480 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03

Question #: 480
Topic #: 1

[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

A. AWS Key Management Service (AWS KMS)
B. VPC endpoint
C. Private subnet
D. Virtual private gateway

Show Suggested Answer

Suggested Answer: B 🗳️

by cloudenthusiast at May 18, 2023, 7:10 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

cloudenthusiast

Highly Voted 1 year, 3 months ago

Selected Answer: B

A VPC endpoint enables you to privately access AWS services without requiring internet gateways, NAT gateways, VPN connections, or AWS Direct Connect connections. It allows you to connect your VPC directly to supported AWS services, such as Amazon S3, over a private connection within the AWS network. By creating a VPC endpoint for Amazon S3, the traffic between your EC2 instances and S3 will stay within the AWS network and won't traverse the public internet. This provides a more secure and compliant solution, as the data transfer remains within the private network boundaries.

upvoted 10 times

...