PAS-C01 · Question #71
PAS-C01 Question #71: Real Exam Question with Answer & Explanation
Sign in or unlock PAS-C01 to reveal the answer and full explanation for question #71. The question stem and answer options stay visible for context.
Question
A company deploys its SAP ERP system on AWS in a highly available configuration across two Availability Zones. The cluster is configured with an overlay IP address and a Network Load Balancer (NLB) to provide access to the SAP application layer to all users. The company's analytics team has created several Operational Data Provisioning (ODP) extractor services for the SAP ERP system. A highly available ETL system will call the ODP extractor services. The ETL system is hosted on Amazon EC2 instances that are deployed in an analytics VPC in a different AWS account. An SAP solutions architect needs to prevent the ODP extractor services from being used as an attack vector to overload the SAP ERP system. Which solution will provide the MOST protection for the ODP extractor services?
Options
- AConfigure VPC peering between the SAP VPC and the analytics VPC. Use network ACL rules in
- BCreate a transit gateway in the SAP account. Share the transit gateway with the analytics account.
- CConfigure VPC peering between the SAP VPC and the analytics VPUpdate the NLB security group
- DCreate a VPC endpoint service configuration on the SAP VPC. Specify the NLB in the endpoint
Unlock PAS-C01 to see the answer
You've previewed enough free PAS-C01 questions. Unlock PAS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.