Amazon Exam ANS-C00 Topic 2 Question 12 Discussion

Actual exam question for Amazon's ANS-C00 exam

Question #: 12
Topic #: 2

A company's application runs in a VPC and stores sensitive data in Amazon S3 The application's Amazon EC2 instances are located in a private subnet with a NAT gateway deployed in a public subnet to provide access to Amazon S3 The S3 bucket is located in the same AWS Region as the EC2 instances The company wants to ensure that this bucket can be accessed only from the VPC where the application resides

Which changes should a network engineer make to the architecture to meet these requirements?

ADelete the existing S3 bucket and create a new S3 bucket inside the VPC in the private subnet Configure the S3 security group to allow only the application instances to access the bucket

BDeploy an S3 VPC endpoint in the VPC where the application resides Configure an S3 bucket policy with a condition to allow access only from the VPC endpoint

CConfigure an S3 bucket policy, and use an IP address condition to restrict access to the bucket Allow access only from the VPC CIDR range, and deny all other IP address ranges

DCreate a new 1AM role for the EC2 instances that provides access to the S3 bucket and assign the role to the application instances Configure an S3 bucket policy to allow access only from the role

Show Suggested Answer

Suggested Answer: B

by Beatriz at May 03, 2022, 10:25 AM

Limited Time Offer

25%

Off

Get Premium ANS-C00 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!