
SAP-C02 Exam - Question 520


A company is changing the way that it handles patching of Amazon EC2 instances in its application account. The company currently patches instances over the internet by using a NAT gateway in a VPC in the application account.

The company has EC2 instances set up as a patch source repository in a dedicated private VPC in a core account. The company wants to use AWS Systems Manager Patch Manager and the patch source repository in the core account to patch the EC2 instances in the application account. The company must prevent all EC2 instances in the application account from accessing the internet.

The EC2 instances in the application account need to access Amazon S3, where the application data is stored. These EC2 instances need connectivity to Systems Manager and to the patch source repository in the private VPC in the core account.

Which solution will meet these requirements?

Correct Answer: C

The correct solution involves creating VPC endpoints for both AWS Systems Manager and Amazon S3, which will allow the EC2 instances in the application account to access these services without requiring internet access. Deleting the NAT gateway ensures that the instances do not have internet access. Additionally, creating a VPC peering connection between the application account and the core account will enable the EC2 instances in the application account to access the patch source repository in the private VPC of the core account. Updating the route tables in both accounts will ensure that the traffic is properly routed. This configuration meets all the requirements of preventing internet access, maintaining connectivity to required AWS services, and accessing the patch repository securely.
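As an added example (not part of the original question or its answer key), the following check audits the application VPC for the state the explanation describes: no internet route, a peering route to the patch repository, and the VPC endpoints in place. The required endpoint list, the CIDR ranges and all resource IDs are assumptions made for illustration, and the return routes in the core account would need the same kind of check.

```python
# Added example: offline audit of the target design; makes no AWS calls.
# Dict shapes follow boto3 describe_route_tables / describe_vpc_endpoints.
# Endpoint list, CIDRs and every resource ID below are constructed assumptions.
import ipaddress

REQUIRED_SERVICES = ("ssm", "ssmmessages", "ec2messages", "s3")  # assumption

def audit(route_tables, vpc_endpoints, repo_cidr, required=REQUIRED_SERVICES):
    """Return a list of findings; an empty list means the design holds."""
    findings, repo_reachable = [], False
    repo = ipaddress.ip_network(repo_cidr)
    for rt in route_tables:
        for r in rt["Routes"]:
            dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
            # A route through a NAT, internet or egress-only gateway is an internet path.
            if (r.get("NatGatewayId") or r.get("EgressOnlyInternetGatewayId")
                    or (r.get("GatewayId") or "").startswith("igw-")):
                findings.append(f"{rt['RouteTableId']}: internet route {dest}")
            # The patch repository must be reachable over the peering connection.
            if dest and r.get("VpcPeeringConnectionId"):
                net = ipaddress.ip_network(dest)
                if net.version == repo.version and repo.subnet_of(net):
                    repo_reachable = True
    if not repo_reachable:
        findings.append(f"no peering route covers {repo_cidr}")
    # Service names have the form com.amazonaws.<region>.<service>.
    present = {e["ServiceName"].rsplit(".", 1)[-1] for e in vpc_endpoints
               if str(e.get("State", "")).lower() == "available"}
    findings += [f"missing VPC endpoint: {s}" for s in required if s not in present]
    return findings

# Constructed sample: the current NAT-based route table and the target one.
BEFORE = [{"RouteTableId": "rtb-app", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]}]
AFTER = [{"RouteTableId": "rtb-app", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-example"},
    {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-s3"}]}]
ENDPOINTS = [{"ServiceName": f"com.amazonaws.us-east-1.{s}", "State": "available"}
             for s in REQUIRED_SERVICES]

if __name__ == "__main__":
    print(audit(BEFORE, [], "10.1.0.0/16"))
    print(audit(AFTER, ENDPOINTS, "10.1.0.0/16"))
```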

Discussion

2 comments
Alagong (Option: C)
Jul 3, 2024

Answer: C

kupo777
Jul 2, 2024

A, D: A block of port 80 is not enough. B: Private VIFs are inadequate. The correct answer is C.