A security engineer is creating a new Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster. The cluster will act as a data warehouse. A separate fleet of application servers will extract records from the data warehouse and will transform these records into reports that will be uploaded to Amazon S3 buckets. The security engineer must securely configure the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster so that only the application servers can access it.

Which solution meets these requirements?

A. Configure network ACLs on the subnets that host the Amazon OpenSearch Service (Amazon Elasticsearch Service) instances to allow access from the application servers only.

B. Configure a VPC peering connection between the VPC that contains the application servers and the VPC that contains the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster.

C. Monitor the VPC flow logs for traffic that is destined for the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster. Use the flow logs to detect traffic that did not originate from the application servers.

D. Configure the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster for VPC access only. Use a security group to allow access to the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster from the application servers only.

Suggested Answer: C

Community Answer: D

This question is in SCS-C01 AWS Certified Security – Specialty Exam For getting AWS Certified Security – Specialty Certificate

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.