Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 7 Question 22 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 22
Topic #: 7
[All SCS-C02 Questions]

A company wants to configure DNS Security Extensions (DNSSEC) for the company's primary domain. The company registers the domain with Amazon Route 53. The company hosts the domain on Amazon EC2 instances by using BIND.

What is the MOST operationally efficient solution that meets this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: C

In an AWS environment where a VPC has no internet access and requires communication with AWS services such as Secrets Manager, the most secure method is to use an interface VPC endpoint (AWS PrivateLink). This allows private connectivity to services like Secrets Manager, enabling AWS Lambda functions and other resources within the VPC to access Secrets Manager without requiring an internet gateway, NAT gateway, or VPN connection. Interface VPC endpoints are powered by AWS PrivateLink, a technology that enables private connectivity between AWS services using Elastic Network Interfaces (ENI) with private IPs in your VPCs. This option is more secure than creating a NAT gateway because it doesn't expose the resources to the internet and adheres to the principle of least privilege by providing direct access to only the required service.


by Aracelis at Jun 30, 2024, 03:29 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Serina
2 days ago
That's a valid point, Orville. Option B does seem to simplify the process by leveraging AWS services for key management. It could be a more secure and scalable solution.
upvoted 0 times
...
Latricia
3 days ago
I'd go with Option D. Migrating to Route 53 with DNSSEC and using AWS KMS for the KSK is a straightforward way to meet the requirement.
upvoted 0 times
...
Jospeh
4 days ago
Option B seems the most operationally efficient solution. Migrating the zone to Route 53 with DNSSEC signing enabled and using AWS KMS for the keys is a secure and managed approach.
upvoted 0 times
...
Orville
5 days ago
I disagree, I believe option B is more efficient. Migrating the zone to Route 53 with DNSSEC signing enabled and using AWS KMS for key management seems like a better approach.
upvoted 0 times
...
Serina
6 days ago
I think option A is the best solution. It involves configuring DNSSEC in BIND and creating ZSK and KSK keys.
upvoted 0 times
...
Dierdre
7 days ago
I'm leaning towards option B, it seems like a secure choice.
upvoted 0 times
...
Jodi
9 days ago
I disagree, I believe option C is more efficient.
upvoted 0 times
...
Donte
10 days ago
I think option A is the best solution.
upvoted 0 times
...

Save Cancel