DOP-C02 · Question #77
DOP-C02 Question #77: Real Exam Question with Answer & Explanation
The correct answer is C: Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3.. Creating a VPC endpoint for Amazon S3 allows the EC2 instances to access the application artifacts in the S3 bucket without going through the internet, thus meeting the new security requirement of running the instances with no internet access. Assigning an IAM instance profile to
Question
To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the internet. While the instances launch successfully and show as healthy, the application does not seem to be installed. Which of the following should successfully install the application while complying with the new rule?
Options
- ALaunch the instances in a public subnet with Elastic IP addresses attached. Once the application
- BSet up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's
- CPublish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3.
- DCreate a security group for the application instances and allow only outbound traffic to the artifact
Explanation
Creating a VPC endpoint for Amazon S3 allows the EC2 instances to access the application artifacts in the S3 bucket without going through the internet, thus meeting the new security requirement of running the instances with no internet access. Assigning an IAM instance profile to the EC2 instances allows them to read the application artifacts from the S3 bucket.
Topics
Community Discussion
No community discussion yet for this question.