Difficulty: Hard · 1 mark · Multiple Choice
Tags: EKS, Security, App Mesh, Containers

AWS SAP-C02 · Question 11 · Domain 1.2: Security Controls

A company is deploying a new microservices architecture using Amazon EKS. The security team requires that all pod-to-pod communication within the cluster be encrypted. Additionally, they must restrict which pods can communicate with each other based on labels. Which solution meets these requirements with the LEAST operational overhead?

Answer options:

A.

Configure Kubernetes Network Policies using the AWS VPC CNI plugin. Modify application code to use TLS.

B.

Implement AWS App Mesh with mTLS enabled. Use App Mesh virtual nodes and routes to control traffic.

C.

Use AWS Network Firewall to inspect and encrypt traffic between EKS nodes.

D.

Deploy an Application Load Balancer (ALB) in front of every pod and configure HTTPS listeners.

How to approach this question

Look for transparent encryption (mTLS) and traffic control without code changes.

Full Answer

B. Implement AWS App Mesh with mTLS enabled. Use App Mesh virtual nodes and routes to control traffic. ✓ Correct
Implement a service mesh like AWS App Mesh with mTLS enabled.
A service mesh like AWS App Mesh uses Envoy sidecar proxies to transparently encrypt pod-to-pod traffic using mutual TLS (mTLS) and enforce fine-grained routing and access controls without changing application code.

Common mistakes

Choosing Kubernetes Network Policies alone (option A): they restrict which pods can talk to each other by label, but they do not encrypt the traffic, so encryption would have to be added in application code.

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4
