Exam AWS Certified Solutions Architect - Professional topic 1 question 988 discussion

A company wants to use Amazon S3 for object storage. Users must be able to access the objects from devices that are connected to their on-premises private network or Amazon EC2 instances. The company has configured AWS Direct Connect and AWS Site-to-Site VPN as a backup. The company does not want to route S3 traffic over the public Internet. The company also requires all data that is stored in S3 buckets to be appropriately classified by data type with a tag named DataClassification.

Which combination of steps should a solutions architect take to meet these requirements? (Choose three.)

  • A. Configure a gateway VPC endpoint to securely route traffic from on premises to the S3 buckets. Configure an interface VPC endpoint to route traffic between the S3 buckets and EC2 instances over the AWS private network.
  • B. Configure an interface VPC endpoint to securely route traffic from on premises to the S3 buckets. Configure a gateway VPC endpoint to route traffic between the S3 buckets and EC2 instances over the AWS private network.
  • C. Configure Amazon GuardDuty to identify S3 buckets that are missing the DataClassification tag. Create an Amazon Simple Notification Service (Amazon SNS) topic. Deliver notifications to the topic whenever an untagged S3 bucket is identified.
  • D. Configure AWS Security Hub to identify S3 buckets that are missing the DataClassification tag. Create an Amazon Simple Notification Service (Amazon SNS) topic. Deliver notifications to the topic whenever an untagged S3 bucket is identified.
  • E. Configure AWS Config to identify S3 buckets that are missing the DataClassification tag. Generate a report of all resources that AWS Config identifies as missing the tag.
  • F. Configure Amazon Macie to scan all S3 buckets in the account on a scheduled basis. Integrate Macie with Amazon EventBridge (Amazon CloudWatch Events). Create an AWS Lambda function to validate the data classification inferred by Macie and to add the missing tag.
Suggested Answer: BEF

Comments

GOTJ
3 weeks, 5 days ago
Selected Answer: BEF
BEF seems correct, but I couldn't identify the requirement for bucket labelling (option "E"). It should be rewritten to something like "The company also requires all data that is stored in S3 buckets AND THE BUCKETS THEMSELVES to be appropriately classified by data type with a tag named DataClassification."
upvoted 1 times
...
Ebi
1 year, 2 months ago
BEF is correct
upvoted 1 times
...
3a632a3
1 year, 3 months ago
Selected Answer: BEF
AWS Config allows reporting of missing required tags. https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/implementing-and-enforcing-tagging.html#enforcement GuardDuty doesn't alert on missing tags. Security Hub integrates AWS Config, so it may be able to, but only because of AWS Config; it can't do it stand-alone.
upvoted 1 times
...
SkyZeroZx
1 year, 10 months ago
Selected Answer: BEF
BEF makes sense
upvoted 2 times
...
SkyZeroZx
1 year, 10 months ago
Selected Answer: BE
BEF makes sense. I prefer AWS Config; its usual use case is cloud resource compliance and validations, whereas AWS Security Hub is more "security" and other topics.
upvoted 2 times
...
Jesuisleon
1 year, 10 months ago
I prefer E to D. see the link: https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 1 times
...
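As an added example that is not part of the original thread or any commenter's words: the AWS Config managed rule REQUIRED_TAGS that option E relies on, expressed as a put_config_rule definition scoped to S3 buckets, with a local re-implementation of its evaluation run over constructed sample buckets so the expected findings are visible offline. The rule name, the DataClassification value taxonomy and the sample buckets are assumptions.

```python
"""Added example (not from the exam page or AWS): the REQUIRED_TAGS managed rule
behind option E, plus a local mirror of its evaluation on constructed resources.
Assumed: the dict matches the PutConfigRule API shape; the value taxonomy and the
sample buckets are constructed, not real."""
import json

REQUIRED_TAG_KEY = "DataClassification"
ALLOWED_VALUES = ["Public", "Internal", "Confidential", "Restricted"]  # assumed taxonomy


def build_required_tags_rule(tag_key: str, allowed_values: list[str]) -> dict:
    """Return a ConfigRule definition as passed to ConfigService.put_config_rule()."""
    return {
        "ConfigRuleName": f"s3-bucket-requires-{tag_key.lower()}-tag",  # assumed name
        "Description": f"S3 buckets must carry a {tag_key} tag with an approved value",
        "Scope": {"ComplianceResourceTypes": ["AWS::S3::Bucket"]},
        "Source": {"Owner": "AWS", "SourceIdentifier": "REQUIRED_TAGS"},
        # Managed-rule parameters travel as a JSON string; tag1Value is a comma-separated allow list.
        "InputParameters": json.dumps({"tag1Key": tag_key, "tag1Value": ",".join(allowed_values)}),
    }


def evaluate(rule: dict, resources: list[dict]) -> dict[str, str]:
    """Mirror REQUIRED_TAGS locally: an in-scope resource is NON_COMPLIANT when the key is
    missing or its value is outside the allow list (exact match); other types are skipped."""
    params = json.loads(rule["InputParameters"])
    key, allowed = params["tag1Key"], set(params["tag1Value"].split(","))
    in_scope = set(rule["Scope"]["ComplianceResourceTypes"])
    results = {}
    for res in resources:
        if res["resourceType"] not in in_scope:
            continue
        value = res.get("tags", {}).get(key)
        results[res["resourceId"]] = "COMPLIANT" if value in allowed else "NON_COMPLIANT"
    return results


# Constructed sample inventory standing in for AWS Config's recorded configuration items.
SAMPLE_RESOURCES = [
    {"resourceType": "AWS::S3::Bucket", "resourceId": "finance-reports", "tags": {"DataClassification": "Confidential"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "web-assets", "tags": {"Owner": "marketing"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "scratch-data", "tags": {"DataClassification": "secret"}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0123456789abcdef0", "tags": {}},
]

if __name__ == "__main__":
    rule = build_required_tags_rule(REQUIRED_TAG_KEY, ALLOWED_VALUES)
    # To deploy for real: boto3.client("config").put_config_rule(ConfigRule=rule)
    for bucket, status in evaluate(rule, SAMPLE_RESOURCES).items():
        print(f"{bucket}: {status}")
```

The two NON_COMPLIANT buckets are exactly what the report in option E would list; Security Hub (option D) would only surface them by ingesting this same rule's findings.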
dev112233xx
2 years ago
Selected Answer: BEF
BEF makes sense
upvoted 2 times
...
hobokabobo
2 years, 1 month ago
Selected Answer: BDF
A is wrong, we need B. Gateway for VPC and interface for remote. We can use Macie to intercept and find wrongly tagged data, which is F. As we can easily integrate Macie with Security Hub, it makes sense to involve it (D). E) may be possible, but it lacks details and in combination is not as nice as the alternative. C) does not really make sense to me.
upvoted 2 times
...
zozza2023
2 years, 3 months ago
Should be B. An interface endpoint is needed for on-prem to S3; check this: https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 1 times
...
ccort
2 years, 3 months ago
Selected Answer: BEF
Interface endpoint is needed for on-prem -> S3
upvoted 4 times
...
lunt
2 years, 3 months ago
Selected Answer: AEF
B - incorrect. Gateway endpoint only for local VPC. Remote access = interface endpoint. AEF
upvoted 2 times
...
Vash2303
2 years, 4 months ago
Selected Answer: BDF
B. On-prem to S3 via interface endpoint and EC2 to S3 via gateway endpoint. E. Macie crawls through all objects and finds the untagged objects in S3. D. Security Hub displays the findings from Macie.
upvoted 3 times
...
due
2 years, 4 months ago
Selected Answer: BDE
S3, access the objects from devices that are connected to their on-premises private network or Amazon EC2 instances, no Internet + classified by data type with a tag = interface VPC endpoint for on premises + AWS Security Hub + AWS Config.
upvoted 1 times
...
ggrodskiy
2 years, 4 months ago
Correct AEF
upvoted 2 times
ggrodskiy
2 years, 4 months ago
BEF https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3
upvoted 3 times
...
...
Community vote distribution
  • A (35%)
  • C (25%)
  • B (20%)
  • Other