exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 875 discussion

A company runs an application on Amazon EC2 instances in a private subnet. The application needs to store and retrieve data in Amazon S3 buckets. According to regulatory requirements, the data must not travel across the public internet.

What should a solutions architect do to meet these requirements MOST cost-effectively?

  • A. Deploy a NAT gateway to access the S3 buckets.
  • B. Deploy AWS Storage Gateway to access the S3 buckets.
  • C. Deploy an S3 interface endpoint to access the S3 buckets.
  • D. Deploy an S3 gateway endpoint to access the S3 buckets.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
LeonSauveterre
3 months ago
Selected Answer: D
About option C - S3 Interface Endpoint 1. Creates a private network interface (ENI) in your VPC that connects to Amazon S3. 2. Provides granular IAM-based controls at the operation level. 3. Typically much more expensive due to the cost associated with the network interface and data processing charges. About option D - S3 Gateway Endpoint: 1. Creates a route entry in the VPC route table for accessing S3 without crossing the public internet. 2. Simpler and more cost-effective for high-volume S3 access, as there are no additional data processing charges or interface costs. 3. Doesn't support granular IAM controls per operation, but bucket policies can be used for access control so that's good.
upvoted 1 times
...
JA2018
3 months, 2 weeks ago
Selected Answer: C
Why I opt for Option C? #Private Access: It allows direct access to S3 buckets from a private subnet without data traversing the public internet, meeting the regulatory requirement. #Cost-Effective: Compared to other options, utilizing an S3 interface endpoint is generally the most cost-efficient way to achieve private access to S3. #Summary: When data needs to stay within a private network, use an S3 interface endpoint to access S3 buckets. Always consider the specific regulatory requirements and cost implications when choosing a solution.
upvoted 1 times
...
mk168898
5 months, 1 week ago
no internet and need access to s3 => s3 gateway endpoint
upvoted 2 times
...
KennethNg923
9 months, 2 weeks ago
Selected Answer: D
Gateway endpoint free, so definitely interface end point expensive than it
upvoted 4 times
...
Scheldon
10 months ago
Selected Answer: D
AnswerD https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html taking into consideration that in both cases (s3 Instance Endpoint and S3Gateway endpoint), network traffic remains on the AWS network we need to think about other data which we have. For example application is in AWS cloud hence there is no need for access from on-premises. in that situation S3 Gateway endpoint seems to be better (and it is for free) https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3
upvoted 4 times
...
Hkayne
11 months, 2 weeks ago
Selected Answer: D
D for sure.
upvoted 2 times
...
BatVanyo
11 months, 2 weeks ago
Selected Answer: D
Gateway endpoints are free.
upvoted 3 times
...
awsshare
11 months, 3 weeks ago
Selected Answer: D
Sorry, I think D is the correct option. Gateway endpoint is cheaper than Interface endpoint
upvoted 2 times
...
Tanidanindo
11 months, 3 weeks ago
Selected Answer: D
Gateway endpoint for S3
upvoted 4 times
...
awsshare
11 months, 3 weeks ago
Selected Answer: C
should be C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago