Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 877 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 877
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third- party SaaS application also runs on AWS inside a VPC.
The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company's VPC. All permissions must conform to the principles of least privilege.
Which solution meets these requirements?

  • A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.
  • B. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC. Configure network ACLs to limit access across the VPN tunnels.
  • C. Create a VPC peering connection between the third-party SaaS application and the company VPC. Update route tables by adding the needed routes for the peering connection.
  • D. Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by rajvee at Sept. 3, 2022, 4:38 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
pixepe
1 year, 10 months ago
A Reference architecture - https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html Note from documentation that Interface Endpoint is at client side In addition, it can have security groups as https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html
upvoted 1 times
...
AwsBRFan
1 year, 11 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html I was in doubt about security group, but thats possible You can change the security groups that are associated with the network interfaces for your interface endpoint. The security group rules control the traffic that is allowed to the endpoint network interface from the resources in your VPC.
upvoted 1 times
...
Ni_yot
2 years ago
A seems good. It meets all the criteria.
upvoted 1 times
...
cale
2 years, 1 month ago
I think its A... reason: https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html
upvoted 3 times
...
rajvee
2 years, 1 month ago
I think it is D: https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html
upvoted 1 times
rajvee
2 years, 1 month ago
but than again, it is is SaaS provide that creates the Service Endpoint, and Consumer created the Interface endpoint
upvoted 1 times
rajvee
2 years, 1 month ago
Change to 'A' because of above reason.
upvoted 1 times
rajvee
2 years, 1 month ago
but this line is unsettling "create a security group to limit the access to the endpoint. "
upvoted 1 times
...
...
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel