ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 811 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 811
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company wants to set up Amazon Managed Grafana as its visualization tool. The company wants to visualize data from its Amazon RDS database as one data source. The company needs a secure solution that will not expose the data over the internet.

Which solution will meet these requirements?

  • A. Create an Amazon Managed Grafana workspace without a VPC. Create a public endpoint for the RDS database. Configure the public endpoint as a data source in Amazon Managed Grafana.
  • B. Create an Amazon Managed Grafana workspace in a VPC. Create a private endpoint for the RDS database. Configure the private endpoint as a data source in Amazon Managed Grafana.
  • C. Create an Amazon Managed Grafana workspace without a VPCreate an AWS PrivateLink endpoint to establish a connection between Amazon Managed Grafana and Amazon RDS. Set up Amazon RDS as a data source in Amazon Managed Grafana.
  • D. Create an Amazon Managed Grafana workspace in a VPC. Create a public endpoint for the RDS database. Configure the public endpoint as a data source in Amazon Managed Grafana.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by osmk at March 10, 2024, 10:08 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Sergiuss95
Highly Voted 9 months, 1 week ago
Selected Answer: B
I think is b. Private endpoint sounds like private vpc endpoint, that is equals to privatelink
upvoted 5 times
...
Bazzix
Highly Voted 10 months, 3 weeks ago
Selected Answer: B
B is correct
upvoted 5 times
...
LeonSauveterre
Most Recent 1 month, 1 week ago
Selected Answer: B
A & D are out, because they're using public endpoints, which causes exposure over the Internet. Why C is wrong: If the Grafana workspace is not in a VPC, it cannot use PrivateLink endpoints. PrivateLink endpoints must reside within a VPC. If Grafana is outside the VPC, PrivateLink cannot establish the required secure, private connection.
upvoted 2 times
...
ARV14
2 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints.html , https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-managed-grafana-connection-data-sources-hosted-virtual-private-cloud/
upvoted 1 times
FlyingHawk
1 week, 5 days ago
By default, traffic from your Amazon Managed Grafana workspace to data sources or notification channels flows via the public Internet. This limits the connectivity from your Amazon Managed Grafana workspace to services that are publicly accessible. If you want to connect to private-facing data sources that are within a VPC, or keep traffic local to a VPC, you can connect your Amazon Managed Grafana workspace to the Amazon Virtual Private Cloud (Amazon VPC) hosting these data sources. After you configure the VPC data source connection, all traffic flows via your VPC.
upvoted 1 times
...
...
chest_jd
2 months, 3 weeks ago
Selected Answer: B
Choice B or C could be resolved in this way: B. Create an Amazon Managed Grafana workspace in a VPC C. Create an Amazon Managed Grafana workspace without a VPC As far as I know we cannot create workspace without VCP
upvoted 3 times
...
tonybuivannghia
3 months, 1 week ago
Selected Answer: C
After searching effort, I agree C is correct because AMG workspace can't include in VPC. When you have not configured a private VPC, and Amazon Managed Grafana is connecting to publicly accessible data sources, it connects to some AWS services in the same region via AWS PrivateLink. This includes services such as CloudWatch, Amazon Managed Service for Prometheus and AWS X-Ray. Traffic to those services does not flow via the public Internet.
upvoted 1 times
...
NSA_Poker
6 months, 1 week ago
Selected Answer: C
(B or C)?-1 = Do we create AMG workspace in a VPC OR do we create AMG workspace without a VPC? AMG is NOT created within a VPC; AMG connects to a VPC. "Currently, you can connect one Amazon Managed Grafana workspace to one VPC endpoint in the same region and same account. However, you can use Virtual Private Cloud peering or AWS Transit Gateway to connect the cross-region or cross-account VPCs, then connect the select the VPC endpoint that’s in the same account and same region as your Amazon Managed Grafana workspace." -FAQs (C) is correct.
upvoted 3 times
NSA_Poker
6 months, 1 week ago
(B or C)?-2 = private endpoint OR AWS PrivateLink? The brand-name is more correct. (B or C)?-3 = Configure the private endpoint as a data source OR Set up Amazon RDS as a data source? In the AMG console, after clicking on Data sources, you'll see a list of AWS services (Athena, Redshift etc) NOT network endpoints. After selecting RDS, you can further specify the Region & Resource ID. (B) eliminated. (C) is correct.
upvoted 1 times
LeonSauveterre
1 month, 1 week ago
You're missing out PrivateLink in option C.
upvoted 1 times
...
...
...
EdricHoang
7 months, 2 weeks ago
Selected Answer: B
Its B. C is also a valid choice "Not exposing to the internet" is letting me eliminate C
upvoted 3 times
NSA_Poker
6 months, 4 weeks ago
(B) "a private endpoint" & (C) "an AWS PrivateLink endpoint" do NOT expose traffic to the internet. (A & D) eliminated. "a public endpoint for the RDS database" would "expose the data over the internet"
upvoted 1 times
...
...
ike001
7 months, 3 weeks ago
B as you need to create Managed Grafana workspace with a VPC for private access https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-nac.html
upvoted 2 times
NSA_Poker
6 months, 1 week ago
(B) doesn't say 'with a VPC'; it says "..Grafana workspace IN A VPC." (B) eliminated. (C) is correct.
upvoted 1 times
...
...
Nm55569
8 months, 1 week ago
Selected Answer: B
https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-managed-grafana-connection-data-sources-hosted-virtual-private-cloud/
upvoted 3 times
...
sandordini
9 months, 2 weeks ago
I guess they mean C, But again, it's strange... IMO B would also work... There is no requirement for the least effort... Pls, correct me if I'm wrong...
upvoted 2 times
...
venutadi
9 months, 2 weeks ago
Selected Answer: C
Once you configure direct connectivity between a Grafana workspace and a VPC, Amazon Managed Grafana creates and manages an elastic network interface (ENI) per subnet to connect to the VPC. This enables the Grafana workspace to connect to data sources within the VPC, such as OpenSearch domains or RDS databases. Additionally, all traffic is now routed through the configured VPC, including alert destination and data source connectivity.
upvoted 4 times
...
VortexMD
10 months, 2 weeks ago
AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by AWS Partners and supported solutions available in AWS Marketplace.
upvoted 1 times
VortexMD
10 months, 2 weeks ago
https://aws.amazon.com/blogs/mt/announcing-private-vpc-data-source-support-for-amazon-managed-grafana/
upvoted 1 times
...
...
osmk
11 months ago
Selected Answer: C
cccc ccc
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago