MLA-C01 · Question #171
MLA-C01 Question #171: Real Exam Question with Answer & Explanation
The correct answer is B: Create a gateway VPC endpoint. Configure an endpoint policy that restricts access to the S3.
Question
A company deployed an Amazon SageMaker AI ML model to an endpoint by calling the CreateModel API operation. The network that was established with the API call includes two private subnets and one security group. The model must download data from an Amazon S3 bucket and must upload data to the S3 bucket. The traffic to the S3 bucket must not travel across the internet. Which solution will meet these requirements?
Options
- A. Create a NAT gateway. Configure the security group to allow outbound connections. Configure
- B. Create a gateway VPC endpoint. Configure an endpoint policy that restricts access to the S3
- C. Create an interface VPC endpoint. Verify that the security group allows only inbound connections.
- D. Create a Gateway Load Balancer VPC endpoint. Configure an IAM policy that restricts access to
Explanation
A gateway VPC endpoint for Amazon S3 keeps S3 traffic on the AWS private network by adding S3-specific routes to the VPC route tables. An endpoint policy can further restrict access to the required bucket without using internet egress.
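The endpoint policy described above can be written and checked before it is attached. The following is an added example, not part of the original question: it builds a policy scoped to one bucket and audits any endpoint policy for Allow statements that reach beyond that bucket. The bucket name and the function names are assumptions chosen for illustration.

```python
import json

BUCKET = "example-ml-data-bucket"  # assumed placeholder, not from the question

def build_endpoint_policy(bucket):
    """Gateway endpoint policy allowing only object download/upload on one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ModelDataReadWrite",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_endpoint_policy(policy, bucket):
    """Return findings for Allow statements that are broader than the bucket."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        label = st.get("Sid", f"statement[{i}]")
        # A missing Resource/Action (e.g. NotResource in use) is treated as "*".
        for res in as_list(st.get("Resource", "*")):
            if res not in allowed:
                findings.append(f"{label}: resource {res} is outside {bucket}")
        for act in as_list(st.get("Action", "*")):
            if act in ("*", "s3:*"):
                findings.append(f"{label}: wildcard action {act}")
    return findings

# Full-access policy that a gateway endpoint gets when no policy is supplied
# (constructed here for comparison).
DEFAULT_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(json.dumps(build_endpoint_policy(BUCKET), indent=2))
    for finding in audit_endpoint_policy(DEFAULT_FULL_ACCESS, BUCKET):
        print("FINDING:", finding)
```

The endpoint policy limits what can be reached through the endpoint; the bucket policy and the model's IAM execution role still have to permit the same actions.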