ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 142 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 142
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company has developed APIs that use Amazon API Gateway with Regional endpoints. The APIs call AWS Lambda functions that use API Gateway authentication mechanisms. After a design review, a solutions architect identifies a set of APIs that do not require public access.

The solutions architect must design a solution to make the set of APIs accessible only from a VPC. All APIs need to be called with an authenticated user

Which solution will meet these requirements with the LEAST amount of effort?

  • A. Create an internal Application Load Balancer (ALB). Create a target group. Select the Lambda function to call. Use the ALB DNS name to call the API from the VPC.
  • B. Remove the DNS entry that is associated with the API in API Gateway. Create a hosted zone in Amazon Route 53. Create a CNAME record in the hosted zone. Update the API in API Gateway with the CNAME record. Use the CNAME record to call the API from the VPC.
  • C. Update the API endpoint from Regional to private in API Gateway. Create an interface VPC endpoint in the VPCreate a resource policy, and attach it to the API. Use the VPC endpoint to call the API from the VPC.
  • D. Deploy the Lambda functions inside the VPC Provision an EC2 instance, and install an Apache server. From the Apache server, call the Lambda functions. Use the internal CNAME record of the EC2 instance to call the API from the VPC.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by zhangyu20000 at Jan. 16, 2023, 3:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bjexamprep
Highly Voted 1 year, 1 month ago
Selected Answer: C
Bad question design. None of the answers is correct. None of the answers mentions how to satisfy the requirement of "All APIs need to be called with an authenticated user". Another requirement "make the set of APIs accessible only from a VPC". "the set" doesn't mean the whole set. Here "the set" means a part of the whole set. A: The set of APIs are still publicly accessible. B: Removing DNS entry doesn't remove the public accessibility. C: This is making the whole set of APIs private. If this answer can be specific to "the set" APIs, this could be a good answer. D: Using EC2 instances is always a bad answer.
upvoted 11 times
altonh
3 weeks ago
Agree. The proper solution should be: Create a new private API GW and move those private APIs to this newly created API GW.
upvoted 1 times
...
toma
7 months, 2 weeks ago
there is only set of APIs that do not require public access, you dont need all APIs private access? so it could be that the answer is A?
upvoted 2 times
...
...
zozza2023
Highly Voted 2 years ago
Selected Answer: C
should be C as on the question has said 'no need for public IP" ==> private in API gateway = VPC endpoint
upvoted 9 times
...
AimarLeo
Most Recent 1 year ago
All given answers are not ideal.. the closet one is C BUT.. .when mentioning the requirement to have only 'a set of API to be private' means 'not all'.. turning the endpoint from public to private will turn all to Private ,, which is not fully correct as per the question.. I suppose the given answer or question missing an info.. or AWS starts playing with AI
upvoted 3 times
...
carpa_jo
1 year, 1 month ago
Selected Answer: C
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html
upvoted 1 times
...
career360guru
1 year, 1 month ago
Selected Answer: C
Option C
upvoted 1 times
...
venvig
1 year, 5 months ago
Selected Answer: C
Refer https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/
upvoted 1 times
...
Explorer_30
1 year, 5 months ago
Answer is C as explain in https://repost.aws/knowledge-center/api-gateway-vpc-connections
upvoted 1 times
...
SK_Tyagi
1 year, 5 months ago
Selected Answer: C
Regional to Private fits the use-case
upvoted 1 times
...
rtguru
1 year, 6 months ago
the best possible answer from all the options is C
upvoted 1 times
...
NikkyDicky
1 year, 7 months ago
Selected Answer: C
it's C, although it begs the questions about APIs that need to stay public...
upvoted 2 times
...
mfsec
1 year, 10 months ago
Selected Answer: C
C. Update the API endpoint from Regional to private in API Gateway.
upvoted 1 times
...
masetromain
2 years ago
Selected Answer: C
The correct answer is C. Update the API endpoint from Regional to private in API Gateway. Create an interface VPC endpoint in the VPC. Create a resource policy, and attach it to the API. Use the VPC endpoint to call the API from the VPC. This solution will meet the requirements with the least amount of effort because it utilizes the built-in features of API Gateway and VPC to restrict access to the API. With this method, no additional infrastructure or configurations are necessary. A and B are not correct because they would require additional infrastructure and configurations. D is not correct because it would require provisioning an EC2 instance and installing an Apache server, introducing additional complexity and management overhead.
upvoted 5 times
...
zhangyu20000
2 years ago
C is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago