Exam AWS-SysOps topic 1 question 889 discussion

Exam question from Amazon's AWS-SysOps
Question #: 889
Topic #: 1

A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.
Which solution meets these requirements?

  • A. Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.
  • B. Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.
  • C. Attach an IAM role to the Lambda function with read permissions to the database.
  • D. Move the database to a public subnet. Use security groups for secure access.
Suggested Answer: D
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Comments

binhdt2611
Highly Voted 2 years, 9 months ago
I think A. AWS Lambda now supports AWS PrivateLink, which lets you create, manage, and invoke Lambda functions securely from inside your virtual private cloud (VPC) or on-premises data centers without exposing traffic to the public Internet. https://aws.amazon.com/blogs/aws/new-use-aws-privatelink-to-access-aws-lambda-over-private-aws-network/
upvoted 9 times
Saurabh3
10 hours, 23 minutes ago
We can use AWS PrivateLink to access Lambda securely from inside a VPC (meaning from an EC2 instance running in a private subnet). Here in the question, Lambda is trying to access the DB, not the other way around, and how will you use AWS PrivateLink to access the DB?
upvoted 1 times
...
...
e45af42
Most Recent 1 week, 1 day ago
Selected Answer: B
B. Connect the Lambda function to the database VPC. Connect to the database using its private endpoint. By connecting the Lambda function to the same VPC as the database, the function can access the database using its private endpoint. This solution maintains the security of the database by keeping it in the private subnet and not exposing it to the public network.
upvoted 1 times
...
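The wiring that option B describes can be checked offline from configuration data. The following is an added example, not part of the original thread; it assumes the database is an RDS instance in the same VPC as the function, and the IDs, the sample dicts and the helper names `rule_admits` and `check_private_path` are constructed for illustration.

```python
# Added example (not from the thread). The dicts at the bottom are constructed
# samples shaped like boto3 responses (lambda get_function_configuration,
# rds describe_db_instances, ec2 describe_security_groups); all IDs are made up.
def rule_admits(rule, port, source_sgs):
    """Classify one IpPermissions entry: 'world', 'sg' or None."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return None
    if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return None
    if any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
        return "world"
    if any(p["GroupId"] in source_sgs for p in rule.get("UserIdGroupPairs", [])):
        return "sg"
    return None  # assumption: narrower CIDR rules are not evaluated

def check_private_path(fn_cfg, db, sec_groups):
    """Return findings; [] means a private path exists and nothing is exposed."""
    findings = []
    vpc = fn_cfg.get("VpcConfig") or {}
    if not vpc.get("SubnetIds"):
        findings.append("function is not attached to any VPC")
    elif vpc.get("VpcId") != db["DBSubnetGroup"]["VpcId"]:
        findings.append("function is attached to a different VPC than the database")
    if db.get("PubliclyAccessible"):
        findings.append("database is publicly accessible")
    port = db["Endpoint"]["Port"]
    fn_sgs = set(vpc.get("SecurityGroupIds", []))
    db_sgs = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
    verdicts = {rule_admits(rule, port, fn_sgs)
                for sg in sec_groups if sg["GroupId"] in db_sgs
                for rule in sg.get("IpPermissions", [])}
    if "world" in verdicts:
        findings.append(f"database security group opens port {port} to 0.0.0.0/0")
    elif "sg" not in verdicts:
        findings.append(f"no ingress rule admits the function's security groups on port {port}")
    return findings

DB = {"PubliclyAccessible": False, "Endpoint": {"Port": 5432},
      "DBSubnetGroup": {"VpcId": "vpc-0aaa"},
      "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db"}]}
SGS = [{"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": "sg-fn"}], "IpRanges": []}]}]
FN_ATTACHED = {"VpcConfig": {"VpcId": "vpc-0aaa", "SubnetIds": ["subnet-priv1"],
                             "SecurityGroupIds": ["sg-fn"]}}
FN_DETACHED = {"VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}}
for name, fn in (("attached", FN_ATTACHED), ("detached", FN_DETACHED)):
    print(name, check_private_path(fn, DB, SGS))
```

With live data, the same function accepts the corresponding boto3 responses in place of the sample dicts.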
albert_kuo
10 months, 3 weeks ago
Selected Answer: A
To allow the Lambda function to access the database securely without compromising security, you can create an AWS PrivateLink interface endpoint for the Lambda function. AWS PrivateLink allows you to access services over a private connection within your VPC, without using public IP addresses. With this approach, the Lambda function can securely access the database using its private endpoint within the VPC.
upvoted 1 times
...
jjcode
2 years ago
D does not make sense at all for the answer; moving a DB into a public subnet is a security violation...
upvoted 1 times
...
szl0144
2 years, 5 months ago
Selected Answer: B
the answer should be B
upvoted 1 times
...
sapien45
2 years, 7 months ago
Response is B. PrivateLink enables a Lambda function to be invoked. The issue is that Lambda is INVOKING the database, the other way around. Much more sense to include Lambda in the same VPC as the DB and access it from there.
upvoted 3 times
...
raychen
2 years, 7 months ago
Answer is B. PrivateLink is for other services calling Lambda service, NOT for a specific Lambda function, or for Lambda function accessing other resources.
upvoted 1 times
...
gingerbytes
2 years, 8 months ago
A. https://aws.amazon.com/about-aws/whats-new/2020/10/aws-lambda-now-supports-aws-privatelink/ AWS Lambda now supports AWS PrivateLink. With this feature you can manage and invoke Lambda functions from your Virtual Private Cloud (VPC) without exposing your traffic to the public internet. PrivateLink provides private connectivity between your VPCs and AWS services, like Lambda, on the private AWS network.
upvoted 1 times
...
TroyMcLure
2 years, 8 months ago
Correct Answer: A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other