exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 142 discussion

A company has two AWS accounts: Account A and Account B. Each account has a VPC. An application that runs in the VPC in Account A needs to write to an Amazon S3 bucket in Account B. The application in Account A already has permission to write to the S3 bucket in Account B.

The application and the S3 bucket are in the same AWS Region. The company cannot send network traffic over the public internet.

Which solution will meet these requirements?

  • A. In both accounts, create a transit gateway and VPC attachments in a subnet in each Availability Zone. Update the VPC route tables.
  • B. Deploy a software VPN appliance in Account A. Create a VPN connection between the software VPN appliance and a virtual private gateway in Account B.
  • C. Create a VPC peering connection between the VPC in Account A and the VPC in Account B. Update the VPC route tables, network ACLs, and security groups to allow network traffic between the peered IP ranges
  • D. In Account A, create a gateway VPC endpoint for Amazon S3. Update the VPC route table in Account A.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
VerRi
3 months, 1 week ago
Selected Answer: D
Both C and D should work, but considering the scenario, it only requires writing to S3, and D has less operational overhead and better performance.
upvoted 2 times
...
adit
5 months ago
Selected Answer: C
Option C
upvoted 1 times
helloworldabc
2 months, 2 weeks ago
just D
upvoted 1 times
...
...
cumzle_com
5 months, 2 weeks ago
Selected Answer: D
By using a gateway VPC endpoint, the solution remains within the AWS network, ensuring low latency and secure traffic flow without the need for additional infrastructure and complexity
upvoted 1 times
...
grekh001
6 months, 1 week ago
D. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
upvoted 1 times
...
Certified101
6 months, 2 weeks ago
Selected Answer: D
D 100000%%
upvoted 4 times
...
Nash101
6 months, 2 weeks ago
C A. Transit Gateway: While transit gateways can connect multiple VPCs, they are more complex to set up and manage compared to VPC peering for this specific scenario. They might be a better choice for intricate multi-account VPC connectivity needs. B. Software VPN: A software VPN creates a secure tunnel over the internet, which violates the requirement of avoiding public internet traffic. Additionally, VPNs can introduce performance overhead and management complexity. D. Gateway VPC Endpoint for S3: This option utilizes a Gateway VPC endpoint for S3 access within the VPC in Account A. However, it only allows access to S3 within the same account (Account A). The application needs access to the S3 bucket in a different account (Account B).
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...