ANS-C01 Question #94: Real Exam Question with Answer & Explanation
The correct answer is B: Use the existing VPC and a NAT gateway, and configure Amazon EMR in a private subnet with.
Question
An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned Amazon S3 bucket. The current configuration includes a VPC with public and private subnets, with VPN connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the public subnet. What is the MOST simple and secure architecture that will achieve the organization's goal?
Options
- A. Use the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3
- B. Use the existing VPC and a NAT gateway, and configure Amazon EMR in a private subnet with
- C. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet
- D. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet
Explanation
You can connect directly to AWS KMS through a private endpoint in your VPC instead of connecting over the internet. When you use a VPC endpoint, communication between your VPC and AWS KMS is conducted entirely within the AWS network. https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html