ANS-C01 Question #285: Real Exam Question with Answer & Explanation

Question

A company hosts application servers on premises and on Amazon EC2 instances in a VPC. The application servers access data that is hosted in an Amazon S3 bucket through the public internet. The EC2 instances in the VPC use an AWS Site-to-Site VPN for connectivity with the on- premises application servers. New company regulations state that all traffic between the application servers and the S3 bucket must remain private and must not use public IP addresses. Which solution will meet these requirements MOST cost-effectively?

Options

• AConfigure an S3 gateway endpoint Modify the route table with the appropriate route for the
• BConfigure an S3 interface endpoint. Update the on-premises servers and EC2 instances to use
• CConfigure an S3 interface endpoint. Update the on-premises servers to use the interface endpoint
• DConfigure an S3 gateway endpoint. Modify the route table with the appropriate route for the

Explanation

S3 Gateway Endpoint for VPC Access: A gateway endpoint is a highly cost-effective and scalable solution for providing private access to Amazon S3 from within a VPC. By creating an S3 gateway endpoint and modifying the route table, EC2 instances in the VPC can access S3 without using public IPs or traversing the internet. No Need for Interface Endpoints or Additional Proxies: Interface endpoints are more expensive and generally not required for accessing S3 unless you need fine-grained network traffic control or private DNS resolution. Similarly, deploying a proxy fleet introduces unnecessary complexity Simplicity and Cost-Effectiveness: The S3 gateway endpoint meets the requirement of keeping traffic private and is the simplest, most cost-effective solution for accessing S3 from the EC2 instances in the VPC.

No community discussion yet for this question.