Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAP-C02 Topic 6 Question 25 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 25
Topic #: 6
[All SAP-C02 Questions]

A company has many services running in its on-premises data center. The data center is connected to AWS using AWS Direct Connect (DX)and an IPsec VPN. The service data is sensitive and connectivity cannot traverse the interne. The company wants to expand to a new market segment and begin offering Is services to other companies that are using AWS.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

To offer services to other companies using AWS without traversing the internet, creating a VPC Endpoint Service hosted behind an Application Load Balancer (ALB) and making it available over AWS Direct Connect (DX) is the most suitable solution. This approach ensures that the service traffic remains within the AWS network, adhering to the requirement that connectivity must not traverse the internet. An ALB is capable of handling HTTP/HTTPS traffic, making it appropriate for web-based services. Utilizing DX for connectivity between the on-premises data center and AWS further secures and optimizes the network path.


AWS Direct Connect Documentation: Explains how to set up DX for private connectivity between AWS and an on-premises network.

Amazon VPC Endpoint Services (AWS PrivateLink) Documentation: Provides details on creating and configuring endpoint services for private, secure access to services hosted in AWS.

AWS Application Load Balancer Documentation: Offers guidance on configuring ALBs to distribute HTTP/HTTPS traffic efficiently.

Contribute your Thoughts:

Ryann
6 months ago
That makes sense. Thank you for explaining.
upvoted 0 times
...
Latrice
6 months ago
By creating a VPC Endpoint Service that accepts TCP traffic and hosting it behind a Network Load Balancer, we can make the service available over DX, meeting the requirements.
upvoted 0 times
...
Latrice
6 months ago
I disagree. I believe the correct answer is A.
upvoted 0 times
...
Lisbeth
6 months ago
Because hosting the service behind an Application Load Balancer will allow us to accept HTTP or HTTPS traffic.
upvoted 0 times
...
Ryann
6 months ago
Why do you think so?
upvoted 0 times
...
Lisbeth
7 months ago
I think the answer is B.
upvoted 0 times
...
Micaela
7 months ago
I personally prefer option D. Using a NAT gateway for inbound and outbound traffic control seems more reliable.
upvoted 0 times
...
Emelda
7 months ago
I disagree, option B might be better. Hosting the service behind an Application Load Balancer makes it more flexible.
upvoted 0 times
...
Valentin
7 months ago
I think the best solution is A. Using a VPC Endpoint Service behind a Network Load Balancer seems secure.
upvoted 0 times
...
Keneth
8 months ago
Okay, let's think this through. Option A sounds like it could work, since a Network Load Balancer can provide private access over Direct Connect. But I'm not sure if TCP is the best protocol for this use case, maybe HTTPS would be better?
upvoted 0 times
...
Ernie
8 months ago
Haha, imagine if they just said 'Make it work over the internet, who cares about the sensitive data!' That would be a disaster waiting to happen.
upvoted 0 times
...
Narcisa
8 months ago
Yeah, I agree. Options C and D don't really meet the requirements since they involve using the internet. But I'm not sure if a VPC Endpoint Service is the right solution either, since that's usually used for private access to AWS services, not for exposing your own services.
upvoted 0 times
Ma
7 months ago
Agreed. Option A provides a secure way to offer our services to other companies while maintaining the sensitivity of the data.
upvoted 0 times
...
Malinda
8 months ago
I think we should go with Option A for secure connectivity to the new market segment.
upvoted 0 times
...
Robt
8 months ago
Option A with a VPC Endpoint Service behind a Network Load Balancer sounds like a secure solution for expanding the services.
upvoted 0 times
...
Cristy
8 months ago
Yeah, I agree. We definitely need to avoid using the internet for connectivity.
upvoted 0 times
...
Lawrence
8 months ago
I see your point. Option B involves using HTTP or HTTPS traffic, which might not be the best for sensitive service data.
upvoted 0 times
...
Ilene
8 months ago
Option A seems like the best choice in this scenario. We need to keep the service traffic secure and not accessible over the internet.
upvoted 0 times
...
...
Rima
8 months ago
Hmm, this is a tricky one. The key requirements here are that the data is sensitive and the connectivity cannot go through the internet, so I'm leaning towards options A or B.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77