Free Preparation Discussions
MENU
Amazon Exam SCS-C02 Topic 2 Question 50 Discussion
Topic #: 2
[Logging and Monitoring]
A company hosts an application on Amazon EC2 instances. The application also uses Amazon S3 and Amazon Simple Queue Service (Amazon SQS). The application is behind an Application Load Balancer (ALB) and scales with AWS Auto Scaling.
The company's security policy requires the use of least privilege access, which has been applied to all existing AWS resources. A security engineer needs to implement private connectivity to AWS services.
Which combination of steps should the security engineer take to meet this requirement? (Select THREE.)
The correct answer is A, C, and E because they provide the most secure and efficient way to implement private connectivity to AWS services. Using interface VPC endpoints for Amazon SQS and gateway VPC endpoints for Amazon S3 allows the application to access these services without using public IP addresses or internet gateways. Modifying the endpoint policies on all VPC endpoints enables the security engineer to specify the SQS and S3 resources that the application uses and restrict access to other resources.
The other options are incorrect because they do not provide private connectivity to AWS services or they introduce unnecessary complexity or cost. Option B is incorrect because AWS Transit Gateway is used to connect multiple VPCs and on-premises networks, not to connect to AWS services. Option D is incorrect because modifying the IAM role applied to the EC2 instances is not sufficient to allow outbound traffic to the interface endpoints. The security group and route table associated with the interface endpoints also need to be configured. Option F is incorrect because AWS Firewall Manager is used to centrally manage firewall rules across multiple accounts and resources, not to connect to AWS services.
Hershel
2 days agoRamonita
8 days agoStephanie
13 days agoLeota
18 days agoKimi
23 days agoMagda
28 days agoDesire
1 month ago