{"id":478,"date":"2021-01-06T16:48:11","date_gmt":"2021-01-06T16:48:11","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/aws-certified-solutions-architect-professional-sap-c01-question471\/"},"modified":"2021-01-06T16:48:11","modified_gmt":"2021-01-06T16:48:11","slug":"aws-certified-solutions-architect-professional-sap-c01-question471","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/aws-certified-solutions-architect-professional-sap-c01-question471\/","title":{"rendered":"AWS Certified Solutions Architect &#8211; Professional SAP-C01 &#8211; Question471"},"content":{"rendered":"<div class=\"question\">A company currently runs a secure application on Amazon EC2 that takes files from on-premises locations through AWS Direct Connect, processes them, and uploads them to a single Amazon S3 bucket. The application uses HTTPS for encryption in transit to Amazon S3, and S3 server-side encryption to encrypt at rest.<br \/>\nWhich of the following changes should the Solutions Architect recommend to make this solution more secure without impeding the application\u2019s performance? <br \/><strong><br \/>A.<\/strong> Add a NAT gateway. Update the security groups on the EC2 instance to allow access to and from the S3 IP range only. Configure an S3 bucket policy that allows communication from the NAT gateway\u2019s Elastic IP address only. <br \/><strong>B.<\/strong> Add a VPC endpoint. Configure endpoint policies on the VPC endpoint to allow access to the required Amazon S3 buckets only. Implement an S3 bucket policy that allows communication from the VPC\u2019s source IP range only. <br \/><strong>C.<\/strong> Add a NAT gateway. Update the security groups on the EC2 instance to allow access to and from the S3 IP range only. Configure an S3 bucket policy that allows communication from the source public IP address of the on-premises network only. 
<br \/><strong>D.<\/strong> Add a VPC endpoint. Configure endpoint policies on the VPC endpoint to allow access to the required S3 buckets only. Implement an S3 bucket policy that allows communication from the VPC endpoint only.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>D<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nReference:<br \/>\n<a href=\"https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-bucket-policies-vpc-endpoint.html\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-bucket-poli&#8230;<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A company currently runs a secure application on Amazon EC2 that takes files from on-premises locations through AWS Direct Connect, processes them, and uploads them to a single Amazon S3 bucket. The application uses HTTPS for encryption in transit to Amazon S3, and S3 server-side encryption to encrypt at rest. 
Which of the following changes [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,474],"class_list":["post-478","post","type-post","status-publish","format-standard","hentry","category-aws-certified-solutions-architect-professional-sap-c01","tag-aws-certified-solutions-architect-professional-sap-c01","tag-question-471"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts\/478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/comments?post=478"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts\/478\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/media?parent=478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/categories?post=478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/tags?post=478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}