ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 950 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 950
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems.

Which solution meets these requirements?

  • A. Configure AWS Direct Connect to connect to the VPC. Configure the VPC route tables to allow and deny traffic between AWS and on premises as required.
  • B. Create an IAM policy to allow access to the AWS Management Console only from a defined set of corporate IP addresses. Restrict user access based on job responsibility by using an IAM policy and roles.
  • C. Configure AWS Site-to-Site VPN to connect to the VPConfigure route table entries to direct traffic from on premises to the VPConfigure instance security groups and network ACLs to allow only required traffic from on premises.
  • D. Configure AWS Transit Gateway to connect to the VPC. Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by JunsK1e at Aug. 3, 2024, 11:10 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Abbas_Abi_AWS
Highly Voted 8 months, 2 weeks ago
Selected Answer: C
AWS Direct Connect does not provide encryption by itself; it is often used in conjunction with VPN for encrypted traffic. Direct Connect primarily offers a dedicated connection and does not inherently satisfy the encryption requirement.
upvoted 6 times
...
LeonSauveterre
Most Recent 3 months, 3 weeks ago
Selected Answer: C
A - Direct Connect provides private connectivity but does not inherently include encryption. B - IAM policies is irrelevent. C - AWS Site-to-Site VPN uses IPsec (network layer) and SSL/TLS (session layer) to encrypt all traffic between the on-premises network and the AWS VPC. D - Just like option A.
upvoted 2 times
...
Anyio
4 months ago
Selected Answer: C
The correct answer is C. Configure AWS Site-to-Site VPN to connect to the VPC. Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises. Explanation: Option C: Correct. AWS Site-to-Site VPN offers encrypted network connections over the internet, providing encryption of all traffic at the network layer (IPsec) between the on-premises network and the VPC. Moreover, by using route tables, security groups, and network ACLs, you can carefully control the flow of traffic and restrict access, thereby meeting the requirement of preventing unrestricted access.
upvoted 2 times
...
blehbleh
6 months, 2 weeks ago
Selected Answer: C
This is C, but not for all the reasons everyone is posting. D, also encrypts traffic and works at the network layer and also has security controls to prevent unrestricted access between AWS and on-premises systems. So, if you thought D like I did initially you were very close. The reason it is C, is because C works at both the network and session layer while doing all the other requirements as well. Where as D only works at the network layer. Happy studying!
upvoted 4 times
...
[Removed]
8 months, 1 week ago
Selected Answer: C
C is correct
upvoted 2 times
...
komorebi
8 months, 3 weeks ago
Selected Answer: D
Answer is D
upvoted 1 times
FlyingHawk
3 months, 1 week ago
Inter-Region gateway peering uses the same network infrastructure as VPC peering. Therefore traffic is encrypted using AES-256 encryption at the virtual network layer as it travels between Regions. Traffic is also encrypted using AES-256 encryption at the physical layer when it traverses network links that are outside of the physical control of AWS. As a result, traffic is double encrypted on network links outside the physical control of AWS. Within the same Region, traffic is encrypted at the physical layer only when it traverses network links that are outside of the physical control of AWS.
upvoted 1 times
...
...
JunsK1e
8 months, 3 weeks ago
Selected Answer: C
C is correct question needs to access between on prem and AWS
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago