Exam SCS-C02
Question 142

A company has two AWS accounts: Account A and Account B. Each account has a VPC. An application that runs in the VPC in Account A needs to write to an Amazon S3 bucket in Account B. The application in Account A already has permission to write to the S3 bucket in Account B.

The application and the S3 bucket are in the same AWS Region. The company cannot send network traffic over the public internet.

Which solution will meet these requirements?

Correct Answer: C

To meet the requirements of the application securely accessing an S3 bucket in another AWS account without sending traffic over the public internet, the best solution is to create a VPC peering connection between the VPC in Account A and the VPC in Account B. After establishing the peering connection, you need to update the route tables, network ACLs, and security groups to allow network traffic between the peered VPC IP ranges. This approach ensures that the traffic remains within the AWS infrastructure and does not traverse the public internet, while also allowing cross-account access.

Discussion
Certified101 (Option: D)

D 100000%

Nash101

C

A. Transit Gateway: While transit gateways can connect multiple VPCs, they are more complex to set up and manage compared to VPC peering for this specific scenario. They might be a better choice for intricate multi-account VPC connectivity needs.

B. Software VPN: A software VPN creates a secure tunnel over the internet, which violates the requirement of avoiding public internet traffic. Additionally, VPNs can introduce performance overhead and management complexity.

D. Gateway VPC Endpoint for S3: This option utilizes a Gateway VPC endpoint for S3 access within the VPC in Account A. However, it only allows access to S3 within the same account (Account A). The application needs access to the S3 bucket in a different account (Account B).

adit (Option: C)

Option C

cumzle_com (Option: D)

By using a gateway VPC endpoint, the solution remains within the AWS network, ensuring low latency and secure traffic flow without the need for additional infrastructure and complexity.

grekh001

D. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
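The gateway-endpoint approach discussed in the comments above is usually paired with a bucket policy in Account B that refuses any request not arriving through Account A's endpoint. The following is an added example, not from the question or any commenter: it builds that policy (the Allow statement stands in for the write permission the question says Account A already has, the Deny is the addition) and checks it with a small, simplified evaluator of IAM's explicit-deny / allow / implicit-deny logic. The bucket name, role ARN and endpoint ID are constructed placeholders.

```python
import json
from fnmatch import fnmatch

BUCKET = "example-bucket-in-account-b"                      # constructed placeholder
WRITER_ROLE = "arn:aws:iam::111111111111:role/app-writer"   # placeholder Account A role
VPCE_ID = "vpce-0123456789abcdef0"                          # placeholder gateway endpoint

def bucket_policy(bucket=BUCKET, writer=WRITER_ROLE, vpce=VPCE_ID):
    """Account B bucket policy: allow the Account A role to write objects, and deny
    every request (any principal) that did not arrive through Account A's endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowAccountAWriter", "Effect": "Allow",
             "Principal": {"AWS": writer}, "Action": ["s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Sid": "DenyUnlessViaEndpoint", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*",
             "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
             "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce}}},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _applies(stmt, principal, action, resource, ctx):
    """Does the statement match this request? Simplified: only StringNotEquals
    conditions are understood. As in IAM, a missing key satisfies StringNotEquals."""
    allowed = stmt["Principal"]
    if allowed != "*" and principal not in _as_list(allowed["AWS"]):
        return False
    if not any(fnmatch(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    for key, want in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
        if ctx.get(key) == want:      # values are equal, so NotEquals fails
            return False
    return True

def evaluate(policy, principal, action, resource, ctx):
    """Explicit Deny wins; otherwise an Allow is required; default is implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _applies(s, principal, action, resource, ctx)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    print(json.dumps(bucket_policy(), indent=2))
```

Because the Deny statement uses `Principal: "*"`, it also locks out Account B's own administrators and any other path to the bucket, so exempt the principals you still need before applying it.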