Amazon Exam SAP-C02 Topic 8 Question 40 Discussion

Actual exam question for Amazon's SAP-C02 exam

Question #: 40
Topic #: 8

A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.

The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.

Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO.)

ACreate a transit gateway in the infrastructure account.

BEnable resource sharing from the AWS Organizations management account.

CCreate VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account,

DCreate a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.

ECreate a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.

Show Suggested Answer

Suggested Answer: C

Store the PGP Private Key:

Step 1: In the AWS Management Console, navigate to AWS Secrets Manager.

Step 2: Store the PGP private key in Secrets Manager. Ensure the key is encrypted and properly secured.

Set Up the Transfer Family Managed Workflow:

Step 1: In the AWS Transfer Family console, create a new managed workflow.

Step 2: Add a nominal step to the workflow that includes the decryption of the files. Configure this step with the PGP decryption parameters, referencing the PGP private key stored in Secrets Manager.

Step 3: Associate this workflow with the Transfer Family SFTP server, ensuring that incoming files are automatically decrypted upon receipt.

This solution ensures that the data is securely decrypted as it is transferred from the SFTP server to the S3 bucket, automating the decryption process and leveraging AWS Secrets Manager for key management.

Reference

AWS Transfer Family Documentation

Using AWS Secrets Manager for Managing Secrets

AWS Transfer Family Managed Workflows

by Lashonda at Sep 18, 2024, 03:30 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

William

3 days ago

I think we should create a transit gateway in the infrastructure account.

upvoted 0 times

...