Question #815

试题更新时间: 2023-11-07 12:59:45

To follow the new security compliances your company has hired an external auditor to assess the security perimeter around your SaaS platform. The application is running in multiple regions and uses the load balancers within each regions for higher availability. The instances loads sensitive configurations from an S3 bucket at start and the DynamoDB is used as primary database. The auditor has advised to further tighten the security groups and NACLs based on the application requirement and use the private network instead of using the public endpoints to access the AWS services. Your team decided to use the VPC Endpoints as it uses the AWS internal network for all the communication, after detailed examination they realised the current architecture will not allow them to use the VPC endpoints as it is and will require a set of modifications. What modifications would be needed to align the architecture? (Select THREE)

A. Configure the DynamoDB Global Tables to replicate the data into multi-regions

B. Create VPC Endpoints for S3 and DynamoDB and modify the route tables for all the availability zones used by the auto scaling group

C. Use the NAT Gateway for all the egress communication to these AWS services

D. Setup VPC gateway endpoint for S3 and interface endpoint for DynamoDB to communicate with these services over the private AWS network

E. Use the S3 Cross Region Replication to save the configurations in the multiple regions

上一题收藏列表练习记录

下一题点击收藏

问题反馈