Q76. A company currently runs a secure application on Amazon EC2 that takes files from onpremises locations through AWS Direct Connect processes them and uploads them to a single Amazon S3 bucket. The application uses HTTPS for

欢迎免费使用小程序搜题/刷题/查看解析,提升学历,成考自考报名,论文代写、论文查重请加客服微信skr-web


Q76. A company currently runs a secure application on Amazon EC2 that takes files from onpremises locations through AWS Direct Connect processes them and uploads them to a single Amazon S3 bucket. The application uses HTTPS for encryption in transit to Amazon S3 and S3 serverside encryption to encrypt at rest.Which of the following changes should the Solutions Architect recommend to make this solution more secure without impeding application's performance?

A.Add a NAT gateway. Update the security groups on the EC2 instance to allow access to and from the S3 IP range only. Configure an S3 bucket policy that allows communication from the NAT gateway's Elastic IP address only.
B.Add a VPC endpoint. Configure endpoint policies on the VPC endpoint to allow access to the required Amazon S3 buckets only. Implement an S3 bucket policy that allows communication from the VPC's source IP range only.
C.Add a NAT gateway. Update the security groups on the EC2 instance to allow access to and from the S3 IP range only. Configure an S3 bucket policy that allows communication from the source public IP address of the on-premises network only.
D.Add a VPC endpoint. Configure endpoint policies on the VPC endpoint to allow access to the required S3 buckets only. Implement an S3 bucket policy that allows communication from the VPC endpoint only.
正确答案D
访客
邮箱
网址

通用的占位符缩略图

人工智能机器人,扫码免费帮你完成工作


  • 自动写文案
  • 自动写小说
  • 马上扫码让Ai帮你完成工作
通用的占位符缩略图

人工智能机器人,扫码免费帮你完成工作

  • 自动写论文
  • 自动写软件
  • 我不是人,但是我比人更聪明,我是强大的Ai
Top