AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Which statement about an interface VPC endpoint (AWS PrivateLink) is correct when you want instances in a VPC to reach an AWS service securely?
They assign a public IP address to the endpoint's network interface so that traffic to the service is routed over the internet.
They allow private connectivity to supported AWS services without the need for an internet gateway, NAT device, VPN connection, or AWS Direct Connect because all traffic stays on the AWS network.
They require you to add a route-table entry that targets the endpoint and are available only for Amazon S3 and DynamoDB.
They are automatically created in every subnet of a VPC and cannot be controlled with security groups.
Interface VPC endpoints create one or more elastic network interfaces (ENIs) with private IP addresses in your chosen subnets. Because traffic remains on the AWS network, they do not require an internet gateway, NAT device, VPN connection, or AWS Direct Connect. Interface endpoints are available for many AWS and SaaS services, can be restricted with security groups, and do not rely on route-table entries. Gateway endpoints, by contrast, are limited to Amazon S3 and DynamoDB and do add route-table entries. Public IP addresses are never assigned to the endpoint ENIs. Therefore, option A is the only accurate choice; the other options describe properties of gateway endpoints or public internet access.