Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 949 discussion

A company has a multi-tier web application. The application's internal service components are deployed on Amazon EC2 instances. The internal service components need to access third-party software as a service (SaaS) APIs that are hosted on AWS.

The company needs to provide secure and private connectivity from the application's internal services to the third-party SaaS application. The company needs to ensure that there is minimal public internet exposure.

Which solution will meet these requirements?

  • A. Implement an AWS Site-to-Site VPN to establish a secure connection with the third-party SaaS provider.
  • B. Deploy AWS Transit Gateway to manage and route traffic between the application's VPC and the third-party SaaS provider.
  • C. Configure AWS PrivateLink to allow only outbound traffic from the VPC without enabling the third-party SaaS provider to establish.
  • D. Use AWS PrivateLink to create a private connection between the application's VPC and the third-party SaaS provider.
Suggested Answer: D

Comments

LeonSauveterre
3 months, 3 weeks ago
Selected Answer: D
C - PrivateLink exists because of its main benefit of bidirectional communication for secure access without public internet exposure. By doing this, you're restricting the SaaS provider's ability to establish sessions. Option C is misleading and just plain wrong. Option D alone is enough.
upvoted 3 times
...
spoved
6 months, 4 weeks ago
Selected Answer: D
https://docs.aws.amazon.com/prescriptive-guidance/latest/integrate-third-party-services/architecture-1.html It is limited to only TCP traffic and unidirectional communication. The third-party workloads cannot initiate communication back to your account.
upvoted 4 times
...
56ce46c
7 months, 1 week ago
I think C is correct. 2. Restrict Inbound Traffic via Security Groups: To prevent the third-party SaaS provider from establishing inbound connections to your VPC, use Security Groups attached to the VPC Endpoint Interface. Outbound Traffic Allowed: Ensure that your security groups allow outbound traffic to the SaaS provider’s IP ranges or endpoints. Restrict Inbound Traffic: You should block all inbound traffic on the VPC Endpoint Interface by configuring the security group rules. For example: Inbound Rules: Block all traffic (or leave it empty). Outbound Rules: Allow outbound connections to the IP addresses or ports specified by the SaaS provider.
upvoted 1 times
...
komorebi
8 months, 3 weeks ago
Selected Answer: D
Answer is D
upvoted 3 times
...
JunsK1e
8 months, 3 weeks ago
Selected Answer: D
D is correct
upvoted 2 times
...