Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam PAS-C01 Topic 1 Question 10 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 10
Topic #: 1
[All PAS-C01 Questions]

A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.

Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.

What must the company do on AWS to meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Bette at Jan 06, 2023, 02:04 AM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tamekia
14 days ago
I'm just wondering if the payroll SaaS provider has a sense of humor and accepts 'payroll@juggernaut.com' as an FQDN. Worth a shot, right?
upvoted 0 times
...
Samira
21 days ago
Option A is simple, but I don't know if I'd trust a security group to handle this critical requirement. Better to use a dedicated firewall solution.
upvoted 0 times
...
Huey
24 days ago
Hmm, Option C with the AWS WAF web ACL sounds interesting, but I'm not sure if that's the best fit for this scenario. Seems a bit overkill.
upvoted 0 times
...
Audra
25 days ago
I think Option D is the way to go. Adding an AWS Network Firewall and configuring the outbound rule seems like a more robust solution than just using a security group.
upvoted 0 times
Carlton
16 days ago
I think Option D is the best option too. It provides an extra layer of protection.
upvoted 0 times
...
Rosalia
17 days ago
I agree, Option D with the AWS Network Firewall sounds like a secure choice.
upvoted 0 times
...
...
Kate
1 months ago
Option B seems the most straightforward way to meet the requirements. Allowing only the FQDN of the payroll SaaS provider through the network ACL is a good approach.
upvoted 0 times
Flo
16 days ago
Agreed, filtering the FQDN through the network ACL is a secure method.
upvoted 0 times
...
Gail
19 days ago
Option B seems the most straightforward way to meet the requirements.
upvoted 0 times
...
...
Bobbye
2 months ago
I think option C could also work by adding an AWS WAF web ACL to the VPC. It's important to consider all options before making a decision.
upvoted 0 times
...
Junita
2 months ago
I agree with Owen. It's important to only allow the necessary outbound traffic to meet the security guidelines.
upvoted 0 times
...
Owen
2 months ago
I think the company should add an outbound rule to the security group of the SAP PO system to allow the FQDN of the payroll SaaS provider.
upvoted 0 times
...

Save Cancel