makeporngreatagain.pro
yeahporn.top
hd xxx
Uncategorized

Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test

38,560

Question 43

You are planning to use Docker containers on a cluster of EC2 instance, launched in a VPC. EC2 instance needs to access ECR to download Docker images & access S3 buckets in order to download images. Apart from this, the EC2 instance needs secure connectivity to the ECS control plane. You have created private & public subnets to launch these EC2 instances. What will enable secure connectivity and ensure that all container orchestration traffic stays within VPC? (Select TWO)

A. Use AWS PrivateLink to connect to the Amazon S3 buckets for downloading images.

B. For instance, in Public Subnets, use Internet Gateway to access ECS, ECR & Amazon S3 buckets.

C. Use Gateway VPC Endpoint to connect to the Amazon S3 buckets for downloading images.

D. Use AWS PrivateLink to connect to the Amazon ECS for control plane connectivity & ECR for downloading Docker images.

E. For instance, in Private Subnets, use NAT to access ECS, ECR & Amazon S3 buckets.

F. Use Gateway VPC Endpoint for connecting to Amazon ECS for control plane connectivity & ECR for downloading Docker images.

Answer

Explanation:

Correct Answer –  C and D

Gateway VPC Endpoint provides secure private access to Amazon S3 & DynamoDB without traffic routing via the Internet. When Gateway Endpoints are created, VPCE is created along with the addition of S3 prefixes in the routing table pointing to VPCE.

AWS PrivateLink provides secure private access to various AWS services by adding an Elastic Network Interface within a VPC. AWS creates a local/ regional DNS entry which resolves to the local IP address assigned to ENI.

  • Option A is incorrect as AWS PrivateLink does not support access to Amazon S3. Amazon S3 can be access private from within a VPC via Gateway VPC Endpoint.
  • Options B and E are incorrect as with this, the Traffic from EC2 instance to ECS, ECR, and Amazon S3  will be flowing over the Internet.
  • Option F is incorrect as Gateway VPC Endpoint does not support access to Amazon ECR, it supports private access only to Amazon S3 & Amazon DynamoDB.

For more information on Gateway VPC Endpoints and AWS PrivateLink, refer to the following URLs:

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html

https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html

 

admin
You might also like More from author

Comments are closed, but trackbacks and pingbacks are open.

baseofporn.com https://www.opoptube.com
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.