Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 164 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 164
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has created a set of AWS Lambda functions to automate incident response steps for incidents that occur on Amazon EC2 instances. The Lambda functions need to collect relevant artifacts, such as instance ID and security group configuration. The Lambda functions must then write a summary to an Amazon S3 bucket.

The company runs its workloads in a VPC that uses public subnets and private subnets. The public subnets use an internet gateway to access the internet. The private subnets use a NAT gateway to access the internet.

All network traffic to Amazon S3 that is related to the incident response process must use the AWS network. This traffic must not travel across the internet.

Which solution will meet these requirements?

  • A. Deploy the Lambda functions to a private subnet in the VPC. Configure the Lambda functions to access the S3 service through the NAT gateway.
  • B. Deploy the Lambda functions to a private subnet in the VPC. Create an S3 gateway endpoint to access the S3 service.
  • C. Deploy the S3 bucket and the Lambda functions in the same private subnet. Configure the Lambda functions to use the default endpoint for the S3 service.
  • D. Deploy an Amazon Simple Queue Service (Amazon SQS) queue and the Lambda functions in the same private subnet. Configure the Lambda functions to send data to the SQS queue. Configure the SQS queue to send data to the S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by aescudero51 at June 1, 2024, 5:03 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
navid1365
2 months ago
Selected Answer: B
B: AWS PrivateLink and S3 Gateway Endpoint allow you to keep traffic between your VPC and S3 within the AWS network, avoiding the public internet.
upvoted 1 times
...
aescudero51
4 months ago
Selected Answer: B
Answer is B A. NAT Gateway: While Lambda functions in a private subnet can access the internet through a NAT gateway, it's not recommended for S3 access due to potential latency and security concerns. S3 Gateway Endpoint provides a more secure and performant way. C. Same Subnet: Deploying S3 bucket and Lambda functions in the same subnet wouldn't require a special endpoint, but it's not a best practice. S3 buckets are regionally accessible services, keeping them separate from compute resources offers better security isolation. D. SQS Queue: While SQS can be used for communication between services, it's an unnecessary step in this scenario. The Lambda functions can directly write the incident response summary to the S3 bucket using the S3 Gateway Endpoint.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel