Question 164 of 310 from exam SCS-C01: AWS Certified Security - Specialty

Question

An application is deployed to EC2 instances inside a private VPC subnet.

The application uses Amazon DynamoDB for data storage.

Regulatory requirements specify that data must not traverse the public internet.

Which steps must be performed to implement a solution to meet these requirements (SELECT TWO)?

Destination    Target
pl-1a2b3cad    nat-12345678901234567

Answers

Explanations

A. B. C.

Answer: B and D.

Option A is incorrect because the Amazon DynamoDB service uses a VPC Gateway Endpoint (not a VPC Interface Endpoint) for enabling a private connection to a VPC.

Option B is CORRECT because the Amazon DynamoDB service uses a VPC Gateway Endpoint for enabling a private connection to a VPC.

Option C is incorrect because this route table rule would send traffic with a prefix-list ID of the DynamoDB service to the NAT gateway (and thus outbound to the internet).

Option D is CORRECT because you must create a route table rule for the prefix list ID of the DynamoDB service with the DynamoDB VPC endpoint as the target.

Option E is incorrect because this route table rule would send all traffic to the DynamoDB VPC endpoint.
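
The routing distinction between options C and D can be checked mechanically. The following is an added example, not part of the original question: it audits route tables in the shape returned by `aws ec2 describe-route-tables` and reports where DynamoDB-bound traffic would go. The sample data is constructed, and the `rtb-` and `vpce-` IDs are placeholders.

```python
# Added example: classify how each route table handles the DynamoDB prefix list.
# SAMPLE is constructed data in the shape of `aws ec2 describe-route-tables` output.
DDB_PREFIX_LIST = "pl-1a2b3cad"  # prefix list ID shown in the question

SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-endpoint", "Routes": [  # option D: prefix list -> endpoint
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-1a2b3cad", "GatewayId": "vpce-0example"},
    ]},
    {"RouteTableId": "rtb-nat", "Routes": [       # option C: prefix list -> NAT
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-1a2b3cad",
         "NatGatewayId": "nat-12345678901234567"},
    ]},
    {"RouteTableId": "rtb-default-only", "Routes": [  # no endpoint route at all
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0",
         "NatGatewayId": "nat-12345678901234567"},
    ]},
]}

TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "NetworkInterfaceId", "VpcPeeringConnectionId", "InstanceId")

def target_of(route):
    """Return the route's target ID, whichever target key carries it."""
    return next((route[k] for k in TARGET_KEYS if k in route), None)

def classify(table, prefix_list_id):
    """Return (verdict, target) for traffic to the given prefix list."""
    # Ignore blackhole routes; a missing State is treated as active.
    active = [r for r in table["Routes"] if r.get("State", "active") == "active"]
    for r in active:
        if r.get("DestinationPrefixListId") == prefix_list_id:
            tgt = target_of(r) or ""
            ok = tgt.startswith("vpce-")  # gateway endpoint appears as GatewayId
            return ("private-endpoint" if ok else "prefix-list-misrouted", tgt)
    for r in active:  # no prefix-list route: traffic follows the default route
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return ("default-route", target_of(r))
    return ("no-route", None)

def audit(doc, prefix_list_id=DDB_PREFIX_LIST):
    return {t["RouteTableId"]: classify(t, prefix_list_id)
            for t in doc["RouteTables"]}

if __name__ == "__main__":
    for table_id, verdict in audit(SAMPLE).items():
        print(table_id, verdict)
```

Only the `private-endpoint` verdict satisfies the requirement in the question; the other verdicts identify subnets whose DynamoDB traffic leaves through the NAT gateway or has no route.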

Reference:

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html