AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An organization needs to ensure that its compute instances, which handle sensitive data in an isolated environment, have the ability to securely access object storage without the data traveling over the internet. Which configuration aligns with these stringent security requirements?
Allocate public IP addresses to the compute instances for internet access to the object storage.
Install a NAT device in the isolated environment to route traffic to the object storage.
Set up a VPN connection from the compute instances to the object storage service.
Provision a service-specific gateway within the isolated environment for direct object storage access.
Implementing a gateway that directly connects the isolated environment to the object storage service via private networking ensures that the data does not traverse the public internet, thereby maintaining a high security posture. This gateway, referred to as an endpoint specific to a service, allows for private communication between the network where the instances are hosted and the object storage service. Utilizing public IP addresses, NAT devices, or VPN connections would not satisfy the condition of keeping all traffic within the private network infrastructure.
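A defender-side check for the explanation above, as an added example that is not part of the original page: it classifies route-table entries to show which path object-storage traffic takes and what other egress exists. It assumes AWS VPC route entries in the shape returned by EC2 DescribeRouteTables; the prefix-list ID, resource IDs and sample tables are constructed placeholders.

```python
# Added example: classify how S3-bound traffic leaves a subnet.
# Route dicts follow the shape of EC2 DescribeRouteTables "Routes" entries.
# All IDs below are constructed placeholders, not real resources.
S3_PREFIX_LIST = "pl-EXAMPLE"  # real S3 prefix-list IDs are region-specific

def target_kind(route):
    """Map one route entry to the kind of next hop it uses."""
    gw = route.get("GatewayId", "")
    if route.get("NatGatewayId"):
        return "nat"
    for prefix, kind in (("vpce-", "gateway-endpoint"), ("igw-", "internet-gateway"),
                         ("vgw-", "vpn")):
        if gw.startswith(prefix):
            return kind
    return "local" if gw == "local" else "other"

def audit(routes, s3_prefix_list=S3_PREFIX_LIST):
    """Return the path S3 traffic takes and any other non-local egress."""
    s3_path, default_path, egress = None, None, set()
    for r in routes:
        if r.get("State", "active") != "active":
            continue  # blackhole routes carry no traffic
        kind = target_kind(r)
        if r.get("DestinationPrefixListId") == s3_prefix_list and kind == "gateway-endpoint":
            s3_path = kind  # more specific than 0.0.0.0/0, so it wins
        elif r.get("DestinationCidrBlock") == "0.0.0.0/0":
            default_path = kind
        if kind not in ("local", "gateway-endpoint"):
            egress.add(kind)
    return {"s3_path": s3_path or default_path or "unreachable",
            "other_egress": sorted(egress)}

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ENDPOINT = {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": "vpce-EXAMPLE", "State": "active"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}

if __name__ == "__main__":
    for name, table in (("isolated + endpoint", [LOCAL, ENDPOINT]),
                        ("NAT only", [LOCAL, NAT]),
                        ("public", [LOCAL, IGW]),
                        ("endpoint + NAT", [LOCAL, ENDPOINT, NAT])):
        print(name, audit(table))
```

An isolated subnet that meets the requirement reports `gateway-endpoint` as the path with an empty `other_egress` list; any `nat`, `internet-gateway` or `vpn` entry there is a route worth reviewing.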