Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 164 discussion

A company has created a set of AWS Lambda functions to automate incident response steps for incidents that occur on Amazon EC2 instances. The Lambda functions need to collect relevant artifacts, such as instance ID and security group configuration. The Lambda functions must then write a summary to an Amazon S3 bucket.

The company runs its workloads in a VPC that uses public subnets and private subnets. The public subnets use an internet gateway to access the internet. The private subnets use a NAT gateway to access the internet.

All network traffic to Amazon S3 that is related to the incident response process must use the AWS network. This traffic must not travel across the internet.

Which solution will meet these requirements?

  • A. Deploy the Lambda functions to a private subnet in the VPC. Configure the Lambda functions to access the S3 service through the NAT gateway.
  • B. Deploy the Lambda functions to a private subnet in the VPC. Create an S3 gateway endpoint to access the S3 service.
  • C. Deploy the S3 bucket and the Lambda functions in the same private subnet. Configure the Lambda functions to use the default endpoint for the S3 service.
  • D. Deploy an Amazon Simple Queue Service (Amazon SQS) queue and the Lambda functions in the same private subnet. Configure the Lambda functions to send data to the SQS queue. Configure the SQS queue to send data to the S3 bucket.
Suggested Answer: B

Comments

navid1365
4 months ago
Selected Answer: B
B: AWS PrivateLink and S3 Gateway Endpoint allow you to keep traffic between your VPC and S3 within the AWS network, avoiding the public internet.
upvoted 2 times
aescudero51
6 months ago
Selected Answer: B
Answer is B

A. NAT Gateway: While Lambda functions in a private subnet can access the internet through a NAT gateway, it's not recommended for S3 access due to potential latency and security concerns. S3 Gateway Endpoint provides a more secure and performant way.

C. Same Subnet: Deploying S3 bucket and Lambda functions in the same subnet wouldn't require a special endpoint, but it's not a best practice. S3 buckets are regionally accessible services, keeping them separate from compute resources offers better security isolation.

D. SQS Queue: While SQS can be used for communication between services, it's an unnecessary step in this scenario. The Lambda functions can directly write the incident response summary to the S3 bucket using the S3 Gateway Endpoint.
upvoted 2 times
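
An added example, not part of the original question or comments: a Python check, run over constructed data shaped like EC2 DescribeRouteTables and Lambda GetFunctionConfiguration output, that reports whether each subnet a function is attached to reaches S3 through a gateway endpoint route or falls back to the NAT gateway. All IDs, the prefix list name and the function name are placeholders.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables and Lambda
# GetFunctionConfiguration output; every ID below is a placeholder.
S3_PREFIX_LIST = "pl-s3example"

ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}]},
    {"RouteTableId": "rtb-private-a",
     "Associations": [{"Main": False, "SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222"},
                {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": "vpce-333"}]},
    {"RouteTableId": "rtb-private-b",
     "Associations": [{"Main": False, "SubnetId": "subnet-private-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222"}]},
]

def route_table_for(subnet_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def s3_path(subnet_id, route_tables, s3_prefix_list):
    """Classify how S3-bound traffic leaves the subnet."""
    rt = route_table_for(subnet_id, route_tables)
    routes = rt["Routes"] if rt else []
    # The prefix-list route is more specific than 0.0.0.0/0, so check it first.
    for r in routes:
        if (r.get("DestinationPrefixListId") == s3_prefix_list
                and r.get("GatewayId", "").startswith("vpce-")):
            return "gateway-endpoint"
    for r in routes:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            if r.get("NatGatewayId"):
                return "nat-gateway"
            if r.get("GatewayId", "").startswith("igw-"):
                return "internet-gateway"
    return "no-route"

def audit_lambda(fn_config, route_tables, s3_prefix_list):
    """Return {subnet_id: path} for every subnet the function is attached to."""
    subnets = fn_config.get("VpcConfig", {}).get("SubnetIds", [])
    return {s: s3_path(s, route_tables, s3_prefix_list) for s in subnets}

IR_FUNCTION = {"FunctionName": "ir-collect-artifacts",
               "VpcConfig": {"SubnetIds": ["subnet-private-a", "subnet-private-b"]}}
```

A subnet reported as anything other than `gateway-endpoint` has no S3 prefix-list route in its effective route table, so the endpoint must be associated with that table before the function's S3 writes will use it.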