Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

An organization is using AWS DMS to migrate data from an on-premises Oracle database to an Amazon Redshift cluster in a public subnet. A security audit mandates that only the DMS replication instance may open a TCP connection to the cluster on port 5439. What is the MOST secure way to implement this requirement?

  • Attach an AWS WAF web ACL to the Redshift endpoint that allows the replication instance's IP address and blocks all others.

  • Enable enhanced VPC routing on the Redshift cluster so that only resources in the same VPC can initiate connections.

  • Add an inbound rule to the Redshift cluster's security group that allows port 5439 traffic only from the DMS replication instance's private IP address.

  • Configure a network ACL on the Redshift subnets that denies all inbound traffic except port 5439 from the replication instance's IP address.

AWS Certified Data Engineer Associate DEA-C01
Data Ingestion and Transformation
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot