nerdexam
ExamsDBS-C01Questions#42
AmazonAmazon

DBS-C01 · Question #42

DBS-C01 Question #42: Real Exam Question with Answer & Explanation

The correct answer is B: Check that an Amazon S3 VPC endpoint exists. Explanation When Neptune attempts to load data from S3 using the bulk loader API, it communicates entirely within the AWS network - meaning Neptune must reach S3 through an S3 VPC endpoint (B), since Neptune runs inside a VPC and cannot route traffic to S3 without one. Additional

Submitted by andreas_gr· Mar 6, 2026Monitoring and Troubleshooting

Question

A Database Specialist is creating a new Amazon Neptune DB cluster, and is attempting to load fata from Amazon S3 into the Neptune DB cluster using the Neptune bulk loader API. The Database Specialist receives the following error: "Unable to connect to s3 endpoint. Provided source = s3://mybucket/graphdata/ and region = us- east-1. Please verify your S3 configuration." Which combination of actions should the Database Specialist take to troubleshoot the problem? (Choose two.)

Options

  • ACheck that Amazon S3 has an IAM role granting read access to Neptune
  • BCheck that an Amazon S3 VPC endpoint exists
  • CCheck that a Neptune VPC endpoint exists
  • DCheck that Amazon EC2 has an IAM role granting read access to Amazon S3
  • ECheck that Neptune has an IAM role granting read access to Amazon S3

Explanation

Explanation

When Neptune attempts to load data from S3 using the bulk loader API, it communicates entirely within the AWS network - meaning Neptune must reach S3 through an S3 VPC endpoint (B), since Neptune runs inside a VPC and cannot route traffic to S3 without one. Additionally, Neptune itself requires an IAM role attached to the Neptune cluster (E) that grants it permission to read from S3, because Neptune is the service making the API calls to S3.

Why the distractors are wrong:

  • A is incorrect because S3 does not need an IAM role - IAM roles are attached to compute/service resources, not S3 itself.
  • C is incorrect because a Neptune VPC endpoint is not required here; it's the S3 VPC endpoint that enables the connectivity path.
  • D is incorrect because EC2 is not involved in this operation - the Neptune bulk loader runs as a Neptune service action, not via EC2.

💡 Memory Tip

Think "Who connects, and who authenticates?" - Neptune connects to S3 via an S3 VPC endpoint, and Neptune authenticates with an IAM role attached to Neptune. The pattern is: VPC endpoint for network path + IAM role on the calling service.

Topics

#Neptune Bulk Loader#S3 Connectivity#IAM Roles#VPC Endpoints

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full DBS-C01 PracticeBrowse All DBS-C01 Questions