An architect is designing a secure VPC architecture. The VPC contains private subnets with EC2 instances that need to download software patches from Amazon S3 and access Amazon DynamoDB. The instances must NOT have internet access. Which TWO solutions provide the MOST secure and cost-effective connectivity? (Select TWO)

Answer options:

A.

Create a Gateway VPC Endpoint for Amazon S3.

B.

Create an Interface VPC Endpoint (AWS PrivateLink) for Amazon S3.

C.

Create a Gateway VPC Endpoint for Amazon DynamoDB.

D.

Deploy a NAT Gateway in a public subnet.

E.

Configure an AWS VPN connection to the AWS public zone.

F.

Use AWS Transit Gateway to route traffic to the public internet.

How to approach this question

Identify the two AWS services that support Gateway VPC Endpoints (S3 and DynamoDB).

Full Answer

Create a Gateway VPC Endpoint for Amazon S3. Create a Gateway VPC Endpoint for Amazon DynamoDB.

Amazon S3 and Amazon DynamoDB are the only two services that support Gateway VPC Endpoints. These endpoints are added to the VPC route table, provide secure private access without internet, and are completely free.

Common mistakes

Choosing NAT Gateway, which provides internet access and costs money.

Question 55 All questions Question 57

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...Medium Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard

View all 75 questions →