Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 12 discussion

A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third-party SaaS application also runs on AWS inside a VPC.
The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company’s VPC. All permissions must conform to the principles of least privilege.
Which solution meets these requirements?

  • A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.
  • B. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC. Configure network ACLs to limit access across the VPN tunnels.
  • C. Create a VPC peering connection between the third-party SaaS application and the company VPC. Update route tables by adding the needed routes for the peering connection.
  • D. Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.
Suggested Answer: A
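
The consumer-side setup that option A describes, sketched as a CloudFormation template. This is an added example, not part of the exam page or the discussion; the parameter names are hypothetical, the endpoint service name is a placeholder the SaaS provider would supply, and HTTPS on TCP 443 is assumed for the API calls.

```yaml
# Added example, not from the exam page. All parameter names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: Consumer-side PrivateLink interface endpoint for a third-party SaaS (option A)

Parameters:
  CompanyVpcId:
    Type: AWS::EC2::VPC::Id
  EndpointSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  AppSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group of the workloads that call the SaaS API
  SaasEndpointServiceName:
    Type: String
    Description: Endpoint service name supplied by the SaaS provider (placeholder, no default)

Resources:
  # Least privilege: only the calling workloads may reach the endpoint ENIs.
  SaasEndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow only the calling workloads to reach the SaaS endpoint
      VpcId: !Ref CompanyVpcId
      SecurityGroupIngress:
        # Assumption: the SaaS API is served over HTTPS on TCP 443.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref AppSecurityGroupId

  # Interface endpoint connected to the provider's endpoint service.
  SaasInterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Ref SaasEndpointServiceName
      VpcId: !Ref CompanyVpcId
      SubnetIds: !Ref EndpointSubnetIds
      SecurityGroupIds:
        - !Ref SaasEndpointSecurityGroup

Outputs:
  EndpointDnsEntries:
    Description: DNS names the workloads use to reach the SaaS API privately
    Value: !Join [",", !GetAtt SaasInterfaceEndpoint.DnsEntries]
```

Connections through an interface endpoint are initiated only from the consumer side, so the provider gains no path into the company VPC, and no route table changes or peering are involved.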

Comments

Raj40
Highly Voted 1 year, 11 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
upvoted 19 times
...
masetromain
Highly Voted 1 year, 11 months ago
Selected Answer: A
I go with A
upvoted 8 times
masetromain
1 year, 9 months ago
A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint. This solution uses AWS PrivateLink, which creates a secure and private connection between the company's VPC and the third-party SaaS application VPC, without the traffic traversing the internet. The use of a security group and limiting access to the endpoint service conforms to the principle of least privilege.
upvoted 11 times
...
...
2aldous
Most Recent 1 month, 2 weeks ago
Selected Answer: A
Access SaaS products through AWS PrivateLink is the answer.
upvoted 1 times
...
SkyZeroZx
1 month, 2 weeks ago
Selected Answer: A
Create an AWS PrivateLink interface VPC endpoint.
upvoted 1 times
...
NikkyDicky
1 month, 2 weeks ago
Selected Answer: A
It's A
upvoted 1 times
...
cattle_rei
1 month, 2 weeks ago
Selected Answer: A
It's A because in this scenario we are consuming a service, not providing one, so that eliminates E.
upvoted 1 times
...
shaaam80
1 month, 2 weeks ago
Selected Answer: A
Answer - A. VPC interface endpoint to access any service privately without traversing the internet. AWS PrivateLink VPC endpoint to access the SaaS application.
upvoted 1 times
...
atirado
1 month, 2 weeks ago
Selected Answer: A
Option A - The interface VPC Endpoint will provide local access to the SaaS service from within the company's VPC. Moreover, traffic to and access from the SaaS VPC will traverse the AWS network rather than the internet. This is considered private traffic.
Option B - This option might not work: Nothing is said about whether the CIDR blocks in each VPC overlap. Moreover, nothing is said about whether bandwidth limitations on Site-Site VPN could be an issue.
Option C - This option might not work: Nothing is said about whether the CIDR blocks in each VPC overlap.
Option D - This option will not work: A PrivateLink Endpoint service is used for facilitating access to AWS services.
upvoted 2 times
...
gofavad926
1 month, 2 weeks ago
Selected Answer: A
A, the service provider creates an endpoint service and grants their customers access to the endpoint service. As the service consumer, you create an interface VPC endpoint, which establishes connections between one or more subnets in your VPC and the endpoint service.
upvoted 1 times
...
amministrazione
2 months, 1 week ago
A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.
upvoted 1 times
...
severlight
12 months ago
Selected Answer: A
obvious
upvoted 1 times
...
senthilsekaran
1 year ago
Correct Answer: A
upvoted 1 times
...
task_7
1 year, 1 month ago
Selected Answer: D
A vs. D
A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides.
D. Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service.
D is right. SaaS provider has create interface VPC endpoint for this endpoint service.
upvoted 4 times
_Jassybanga_
9 months ago
Exactly, we need to access the resource from SaaS provider and not vice versa. Hence in this case the VPC Gateway endpoint should be provided from SaaS provider for the PrivateLink endpoint we provide it to them - we use this for Snowflake SaaS :)
upvoted 1 times
...
...
whenthan
1 year, 2 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
https://aws.amazon.com/blogs/apn/enabling-new-saas-strategies-with-aws-privatelink/
upvoted 1 times
...
mfsec
1 year, 7 months ago
Selected Answer: A
Create an AWS PrivateLink interface VPC endpoint.
upvoted 1 times
...
kiran15789
1 year, 8 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
upvoted 1 times
...
ptpho
1 year, 10 months ago
It's A, clearly.
upvoted 4 times
...