nerdexam
ExamsDBS-C01Questions#334
AmazonAmazon

DBS-C01 · Question #334

DBS-C01 Question #334: Real Exam Question with Answer & Explanation

The correct answer is C: Create a gateway VPC endpoint for DynamoDB. Update the VPC route table.. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html

Submitted by manish99· Mar 6, 2026Database Security

Question

A database administrator is reviewing the deployment of an application that uses Amazon DynamoDB. A fleet of Amazon EC2 application instances accesses the database. The database administrator notices that EC2 instances are using public IP addresses to access the database and that the database is available to the internet. Company policy requires that all corporate data must be accessed privately and that external access from the internet is not allowed. Which combination of steps will ensure that the DynamoDB database meets these requirements? (Choose two.)

Options

  • AConfigure the DynamoDB security group and network ACLs to block external access.
  • BCreate an AWS PrivateLink VPC endpoint for DynamoDUpdate the VPC route table.
  • CCreate a gateway VPC endpoint for DynamoDB. Update the VPC route table.
  • DProvision a NAT gateway to access DynamoDB. Update the VPC route table.
  • EUse the aws:sourceVpce condition for all the IAM roles that provision access to the table.

Explanation

https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html

Topics

#DynamoDB VPC endpoint (Gateway)#Private access#IAM policy conditions#Network security

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full DBS-C01 PracticeBrowse All DBS-C01 Questions