ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 16 · Domain 1.2: Secure Workloads
An application in a private subnet needs to access an Amazon DynamoDB table. Traffic must not traverse the public internet. The security team requires that the application can ONLY access one specific DynamoDB table. How should this be implemented?
An application in a private subnet needs to access an Amazon DynamoDB table. Traffic must not traverse the public internet. The security team requires that the application can ONLY access one specific DynamoDB table. How should this be implemented?
Answer options:
A.
Create a NAT Gateway and use an IAM policy on the EC2 instance to restrict access.
B.
Create an Interface VPC Endpoint for DynamoDB and use Security Groups to restrict access.
C.
Create a Gateway VPC Endpoint for DynamoDB and attach an endpoint policy that allows access only to the specific table.
D.
Set up AWS Direct Connect to route traffic securely to DynamoDB.
How to approach this question
Identify the need for a Gateway Endpoint for DynamoDB and the use of Endpoint Policies for resource restriction.
Full Answer
C.Create a Gateway VPC Endpoint for DynamoDB and attach an endpoint policy that allows access only to the specific table.✓ Correct
Create a Gateway VPC Endpoint for DynamoDB and attach an endpoint policy that allows access only to the specific table.
Gateway VPC Endpoints allow private access to DynamoDB without the internet. VPC Endpoint Policies are IAM resource policies attached to the endpoint that can restrict access to specific DynamoDB tables.
Common mistakes
Thinking DynamoDB uses Interface Endpoints (PrivateLink). It uses Gateway Endpoints.
Practice the full AWS SAA-C03 Practice Exam 5
65 questions · hints · full answers · grading
More questions from this exam
Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...EasyQ02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...MediumQ03A company is designing a VPC for a multi-tier web application. They need to block specific malici...MediumQ04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...HardQ05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium