
SAA-C03 Exam - Question 657


A company has multiple AWS accounts in an organization in AWS Organizations that different business units use. The company has multiple offices around the world. The company needs to update security group rules to allow new office CIDR ranges or to remove old CIDR ranges across the organization. The company wants to centralize the management of security group rules to minimize the administrative overhead that updating CIDR ranges requires.

Which solution will meet these requirements MOST cost-effectively?

Correct Answer: B

Creating a VPC customer-managed prefix list that contains the list of CIDRs and using AWS Resource Access Manager (AWS RAM) to share the prefix list across the organization is the most cost-effective solution. This approach simplifies the management of security group rules by allowing updates to the prefix list instead of individually updating each security group. This centralization minimizes administrative overhead by utilizing a single point of update for all office CIDR ranges, ensuring all security groups referencing the prefix list are automatically updated when changes occur.
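The arrangement described above, as an added CloudFormation sketch for the account that owns the list (not part of the original page). Resource names, the RFC 5737 CIDRs, port 443 and the organization ARN default are constructed placeholders, and it assumes RAM sharing with AWS Organizations is already enabled.

```yaml
# Added example (not from the original page). Names, CIDRs (RFC 5737
# documentation ranges) and the parameter defaults are constructed placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  OrganizationArn:
    Type: String
    Default: arn:aws:organizations::111122223333:organization/o-exampleorgid
  AppSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  # Single place where office ranges are added or removed.
  OfficeCidrs:
    Type: AWS::EC2::PrefixList
    Properties:
      PrefixListName: office-cidrs
      AddressFamily: IPv4
      # A rule referencing this list counts as MaxEntries rules against the
      # security group rule quota, so leave headroom without oversizing.
      MaxEntries: 20
      Entries:
        - Cidr: 198.51.100.0/24
          Description: Office A (constructed)
        - Cidr: 203.0.113.0/24
          Description: Office B (constructed)

  # Share the list with every account in the organization, and no one outside it.
  OfficeCidrsShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: office-cidrs-share
      ResourceArns:
        - !GetAtt OfficeCidrs.Arn
      Principals:
        - !Ref OrganizationArn
      AllowExternalPrincipals: false

  # A rule that references the list instead of literal CIDRs. Member accounts
  # write the same rule with the shared prefix list ID.
  HttpsFromOffices:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref AppSecurityGroupId
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourcePrefixListId: !GetAtt OfficeCidrs.PrefixListId
```

Accounts that receive the share can reference the prefix list but cannot modify it, so entry changes stay with the owning account.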

Discussion

7 comments
TariqKipkemei (Option: B)
Dec 7, 2023

A managed prefix list is a set of one or more CIDR blocks. You can use prefix lists to make it easier to configure and maintain your security groups and route tables. You can create a prefix list from the IP addresses that you frequently use, and reference them as a set in security group rules and routes instead of referencing them individually. If you scale your network and need to allow traffic from another CIDR block, you can update the relevant prefix list and all security groups that use the prefix list are updated. You can also use managed prefix lists with other AWS accounts using Resource Access Manager (RAM). https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html#:~:text=A-,managed%20prefix,-list%20is%20a

achechen (Option: B)
Nov 30, 2023

Looks like B is the answer. Reference: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html

awsgeek75
Jan 20, 2024

Such a badly worded question: "The company has multiple offices around the world. The company needs to update security group rules to allow new office CIDR ranges or to remove old CIDR ranges across the organization." Are the CIDR groups associated with offices? That will be illogical. I think it should be VPC and not offices.

ale_brd_ (Option: B)
Dec 28, 2023

Answer is B

avdxeqtr (Option: B)
Jan 22, 2024

https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html

KennethNg923 (Option: B)
Jun 17, 2024

prefix list for CIDR blocks

Gape4 (Option: B)
Jul 4, 2024

I will go for B