ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 751 discussion

Exam question from Amazon's AWS-SysOps
Question #: 751
Topic #: 1
[All AWS-SysOps Questions]

A security team is concerned that intellectual property might leak to the internet. A SysOps administrator must identify controls to address the potential problem.
The instances in question operate in a VPC and cannot be allowed to send traffic to the internet.
What should the SysOps administrator do to meet these requirements?

  • A. Add the following route to a route table for the subnets used by the instances: Destination: 0.0.0.0/0 Target: igw-xxxxxxxx
  • B. Ensure that the instances do not have Elastic IP addresses. Move the instances to a private subnet.
  • C. Enable enhanced networking on the instances. Move the instances to a private subnet.
  • D. Remove any routes that allow internet traffic from the route table associated with the instance's subnets.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by LuizMarques at May 24, 2021, 6:22 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LuizMarques
Highly Voted 2 years, 10 months ago
Answer is D. If the private subnet has a route to a NAT instance or Nat Gateway it would still be able to send traffic to the internet.
upvoted 10 times
...
albert_kuo
Most Recent 1 year, 1 month ago
Selected Answer: D
By removing any routes that allow internet traffic from the route table associated with the subnets where the instances reside, you can prevent the instances from sending traffic to the internet. This ensures that the instances are isolated and unable to establish outbound connections to the internet.
upvoted 1 times
...
gulu73
1 year, 6 months ago
Selected Answer: D
Answer is D
upvoted 2 times
...
Cyril_the_Squirl
2 years, 10 months ago
D is correct. The statements includes both NAT gateways in various subnets/AZs or IGW routing table in public subnet.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel