No Result
View All Result
IT Quesion Library
Contribute
No Result
View All Result
No Result
View All Result

A company has two VPCs in the same AWS Region and in the same AWS account. Each VPC uses a CIDR block that does not overlap with the CIDR block of the other VPC. One VPC contains AWS Lambda functions that run inside a subnet that accesses the internet through a NAT gateway. The Lambda functions require access to a publicly accessible Amazon Aurora MySQL database that is running in…

QuestionsCategory: SCS-C01A company has two VPCs in the same AWS Region and in the same AWS account. Each VPC uses a CIDR block that does not overlap with the CIDR block of the other VPC. One VPC contains AWS Lambda functions that run inside a subnet that accesses the internet through a NAT gateway. The Lambda functions require access to a publicly accessible Amazon Aurora MySQL database that is running in…
0 Vote Up Vote Down
Admin Staff asked 7 months ago 
A company has two VPCs in the same AWS Region and in the same AWS account. Each VPC uses a CIDR block that does not overlap with the CIDR block of the other VPC. One VPC contains AWS Lambda functions that run inside a subnet that accesses the internet through a NAT gateway. The Lambda functions require access to a publicly accessible Amazon Aurora MySQL database that is running in the other VPC.
A security engineer determines that the Aurora database uses a security group rule that allows connections from the NAT gateway IP address that the Lambda functions use. The company’s security policy states that no database should be publicly accessible.
What is the MOST secure way that the security engineer can provide the Lambda functions with access to the Aurora database?

A. Move the Aurora database into a private subnet that has no internet access routes in the database's current VPC. Configure the Lambda functions to use the Aurora database’s new private IP address to access the database. Configure the Aurora database's security group to allow access from the private IP addresses of the Lambda functions.

B. Establish a VPC endpoint between the two VPCs. In the Aurora database's VPC, configure a service VPC endpoint for Amazon RDS. In the Lambda functions’ VPC, configure an interface VPC endpoint that uses the service endpoint in the Aurora database's VPC. Configure the service endpoint to allow connections from the Lambda functions

C. Establish an AWS Direct Connect interface between the VPCs. Configure the Lambda functions to use a new route table that accesses the Aurora database through the Direct Connect interface. Configure the Aurora database's security group to allow access from the Direct Connect interface IP address,

D. Move the Lambda functions into a public subnet in their VPC. Move the Aurora database into a private subnet in its VPC. Configure the Lambda functions to use the Aurora database's new private IP address to access the database. Configure the Aurora database to allow access from the public IP addresses of the Lambda functions.








 

Suggested Answer: C

Community Answer: B




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.
Question Tags:

Next Post

101 Practice Test Free

101-500 Practice Test Free

102-500 Practice Test Free

Related Questions

Recommended

No Result
View All Result

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In