Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 40 discussion

A company is hosting an image-processing service on AWS in a VPC. The VPC extends across two Availability Zones. Each Availability Zone contains one public subnet and one private subnet.

The service runs on Amazon EC2 instances in the private subnets. An Application Load Balancer in the public subnets is in front of the service. The service needs to communicate with the internet and does so through two NAT gateways. The service uses Amazon S3 for image storage. The EC2 instances retrieve approximately 1 TB of data from an S3 bucket each day.

The company has promoted the service as highly secure. A solutions architect must reduce cloud expenditures as much as possible without compromising the service’s security posture or increasing the time spent on ongoing operations.

Which solution will meet these requirements?

  • A. Replace the NAT gateways with NAT instances. In the VPC route table, create a route from the private subnets to the NAT instances.
  • B. Move the EC2 instances to the public subnets. Remove the NAT gateways.
  • C. Set up an S3 gateway VPC endpoint in the VPC. Attach an endpoint policy to the endpoint to allow the required actions on the S3 bucket.
  • D. Attach an Amazon Elastic File System (Amazon EFS) volume to the EC2 instances. Host the images on the EFS volume.
Suggested Answer: C

Comments

masetromain
Highly Voted 1 year, 9 months ago
Selected Answer: C
C. Setting up an S3 gateway VPC endpoint in the VPC and attaching an endpoint policy to the endpoint will allow the EC2 instances to securely access the S3 bucket for image storage without the need for NAT gateways, reducing costs without compromising security or increasing ongoing operations. This option reduces the costs associated with the NAT gateways and allows for faster data retrieval from the S3 bucket as traffic does not have to go through the internet gateway.
upvoted 15 times
...
God_Is_Love
Highly Voted 1 year, 8 months ago
The only reason for C is: gateway endpoints are not billed and so are cost effective (https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3). If the question changes from single region to across region, the answer would be B (overhead of NAT gateways and traversing TBs of data across NAT is expensive) because gateway endpoints are region specific.
upvoted 7 times
anita_student
1 year, 8 months ago
B wouldn’t be highly secure and data transfer would also be slower
upvoted 1 times
...
...
8608f25
Most Recent 8 months, 4 weeks ago
Selected Answer: C
Option C is the most cost-effective solution that maintains the service’s security posture. An S3 gateway VPC endpoint allows private connections between the VPC and S3 without requiring traffic to go through the internet or NAT gateways. This eliminates the need for NAT gateways when accessing S3, which can significantly reduce costs, especially considering the 1 TB of data retrieved daily from S3. Endpoint policies ensure that the security posture is not compromised by allowing only the required actions on the specific S3 bucket.
upvoted 1 times
...
grire974
9 months, 3 weeks ago
Any chance someone could fix the typo in the correct answer; "VPC. Attach..." instead of VPAttach; terribly misleading.
upvoted 2 times
...
daz2023
1 year, 1 month ago
Selected Answer: C
C for using an endpoint.
upvoted 2 times
...
NikkyDicky
1 year, 4 months ago
C of course
upvoted 1 times
...
gameoflove
1 year, 5 months ago
Selected Answer: C
C is the Correct option as S3 Gateway will reduce the cost for NAT gateway
upvoted 2 times
...
mfsec
1 year, 7 months ago
Selected Answer: C
Set up an S3 gateway VPC endpoint
upvoted 3 times
...
dev112233xx
1 year, 7 months ago
Selected Answer: C
C - easy one ✅
upvoted 3 times
...
zozza2023
1 year, 9 months ago
Selected Answer: C
C for sure
upvoted 4 times
...