ExpertMinds LogoExpertMinds
Easy1 markMultiple Choice
Domain 1.1: Network ConnectivityNetworkingVPC EndpointsSecurity

AWS SAP-C02 · Question 31 · Domain 1.1: Network Connectivity

A company has a hybrid architecture with an AWS Direct Connect connection between their on-premises data center and a VPC. They are deploying a new application in the VPC that requires access to Amazon S3. The security team mandates that traffic to S3 must not traverse the public internet and must not use the Direct Connect connection to route back through on-premises proxies. How should the Architect configure access to S3?

Answer options:

A.

Create a Gateway VPC Endpoint for Amazon S3 in the VPC and update the route tables.

B.

Create an Interface VPC Endpoint (AWS PrivateLink) for Amazon S3 in the VPC.

C.

Deploy a NAT Gateway in a public subnet and route S3 traffic through it.

D.

Configure a public Virtual Interface (VIF) on the Direct Connect connection.

How to approach this question

Identify the standard, cost-effective method for keeping S3 traffic private within a VPC.

Full Answer

A.Create a Gateway VPC Endpoint for Amazon S3 in the VPC and update the route tables.✓ Correct
Create a Gateway VPC Endpoint for Amazon S3 in the VPC and update the route tables.
A Gateway VPC Endpoint allows you to privately connect your VPC to Amazon S3 without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Traffic between your VPC and S3 does not leave the Amazon network. It is also free of charge, unlike Interface endpoints.

Common mistakes

Choosing Interface Endpoint for S3 when Gateway Endpoint is the standard for in-VPC access.
30All questions32

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A global enterprise is redesigning its AWS network architecture across 50 AWS accounts and 3 AWS ...HardQ02A company uses AWS Organizations to manage multiple accounts. The security team mandates that no ...MediumQ03A financial institution requires a disaster recovery strategy for its critical trading applicatio...HardQ04An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They nee...MediumQ05A company has a complex AWS environment with hundreds of linked accounts under AWS Organizations....Hard
View all 75 questions →