Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon PAS-C01 Exam - Topic 1 Question 10 Discussion

A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.What must the company do on AWS to meet these requirements?
A) Add an outbound rule to the security group of the SAP PO system to allow the FODN of the payroll SaaS provider and deny all other outbound traffic
B) Add an outbound rule to the network ACL of the subnet that contains the SAP PO system to allow the FQDN of the payroll SaaS provider and deny all other outbound traffic
C) Add an AWS WAF web ACL to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider
D) Add an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

Amazon PAS-C01 Exam - Topic 1 Question 10 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 10
Topic #: 1
[All PAS-C01 Questions]

A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.

Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.

What must the company do on AWS to meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Bette at Jan 06, 2023, 02:04 AM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Joseph
7 months ago
I agree with A, keeping it simple is key!
upvoted 0 times
...
Mireya
7 months ago
Definitely need to use D for better security.
upvoted 0 times
...
Lashunda
7 months ago
Wait, can we really filter FQDNs like that?
upvoted 0 times
...
Ming
8 months ago
I think B might be better for subnet control.
upvoted 0 times
...
Andra
8 months ago
Sounds like option A is the way to go!
upvoted 0 times
...
Benedict
8 months ago
I think option D sounds promising since AWS Network Firewall can handle more complex rules, but I’m unsure if it’s necessary for just allowing an FQDN.
upvoted 0 times
...
Elbert
8 months ago
I feel like AWS WAF is more for web applications, so I'm hesitant about option C. It seems like it wouldn't fit the requirement for validating outbound traffic.
upvoted 0 times
...
Juan
8 months ago
This question seems similar to one we practiced about managing outbound rules. I think using a network ACL might be the right approach, but I can't recall the specifics.
upvoted 0 times
...
Arlette
8 months ago
I remember we discussed the importance of security groups for controlling outbound traffic, but I'm not sure if they can filter by FQDN directly.
upvoted 0 times
...
Staci
8 months ago
Okay, I've got a good feeling about this one. The time range selected must be the key factor in how the data is bucketed, right? I'll mark that as my answer.
upvoted 0 times
...
Timothy
8 months ago
This question seems pretty straightforward. I'm pretty confident that the correct answer is C - an EMR is electronically stored information about an individual's health status and health care.
upvoted 0 times
...
Aide
8 months ago
This reminds me of a practice question about denial-of-service attacks where the computer had similar symptoms. I wonder if that's the right answer here too?
upvoted 0 times
...
Tamekia
1 year ago
I'm just wondering if the payroll SaaS provider has a sense of humor and accepts 'payroll@juggernaut.com' as an FQDN. Worth a shot, right?
upvoted 0 times
Cheryl
12 months ago
Yeah, that way we can ensure that only the necessary outbound traffic is allowed.
upvoted 0 times
...
Vince
12 months ago
Adding an outbound rule to the security group of the SAP PO system seems like the best option.
upvoted 0 times
...
Charlesetta
12 months ago
I agree, we should stick to the FQDN provided by the payroll SaaS provider.
upvoted 0 times
...
Eden
1 year ago
That's a creative idea, but I don't think it will work. We need to follow the guidelines.
upvoted 0 times
...
...
Samira
1 year ago
Option A is simple, but I don't know if I'd trust a security group to handle this critical requirement. Better to use a dedicated firewall solution.
upvoted 0 times
...
Huey
1 year ago
Hmm, Option C with the AWS WAF web ACL sounds interesting, but I'm not sure if that's the best fit for this scenario. Seems a bit overkill.
upvoted 0 times
...
Audra
1 year ago
I think Option D is the way to go. Adding an AWS Network Firewall and configuring the outbound rule seems like a more robust solution than just using a security group.
upvoted 0 times
Fletcher
11 months ago
I'm leaning towards option C, adding an AWS WAF web ACL for extra protection.
upvoted 0 times
...
Barbra
12 months ago
I think option A could work too, just adding an outbound rule to the security group.
upvoted 0 times
...
Patria
12 months ago
I agree, option D with the AWS Network Firewall sounds like a secure choice.
upvoted 0 times
...
Romana
12 months ago
I would go with Option D as well. The AWS Network Firewall seems like a solid solution.
upvoted 0 times
...
Carlton
1 year ago
I think Option D is the best option too. It provides an extra layer of protection.
upvoted 0 times
...
Rosalia
1 year ago
I agree, Option D with the AWS Network Firewall sounds like a secure choice.
upvoted 0 times
...
...
Kate
1 year ago
Option B seems the most straightforward way to meet the requirements. Allowing only the FQDN of the payroll SaaS provider through the network ACL is a good approach.
upvoted 0 times
Marion
12 months ago
Definitely, it's important to follow corporate security guidelines.
upvoted 0 times
...
Flo
1 year ago
Agreed, filtering the FQDN through the network ACL is a secure method.
upvoted 0 times
...
Gail
1 year ago
Option B seems the most straightforward way to meet the requirements.
upvoted 0 times
...
...
Bobbye
1 year ago
I think option C could also work by adding an AWS WAF web ACL to the VPC. It's important to consider all options before making a decision.
upvoted 0 times
...
Junita
1 year ago
I agree with Owen. It's important to only allow the necessary outbound traffic to meet the security guidelines.
upvoted 0 times
...
Owen
1 year ago
I think the company should add an outbound rule to the security group of the SAP PO system to allow the FQDN of the payroll SaaS provider.
upvoted 0 times
...

Save Cancel