Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Amazon Web Services AWS Certified Security – Specialty SCS-C03 Question # 9 Topic 1 Discussion

Amazon Web Services AWS Certified Security – Specialty SCS-C03 Question # 9 Topic 1 Discussion

SCS-C03 Exam Topic 1 Question 9 Discussion:
Question #: 9
Topic #: 1

A company’s application team wants to replace an internal application with a new AWS architecture that consists of Amazon EC2 instances, an AWS Lambda function, and an Amazon S3 bucket in a single AWS Region. After an architecture review, the security team mandates that no application network traffic can traverse the public internet at any point. The security team already has an SCP in place for the company’s organization in AWS Organizations to restrict the creation of internet gateways, NAT gateways, and egress-only gateways.

Which combination of steps should the application team take to meet these requirements? (Select THREE.)


A.

Create an S3 endpoint that has a full-access policy for the application’s VPC.


B.

Create an S3 access point for the S3 bucket. Include a policy that restricts the network origin to VPCs.


C.

Launch the Lambda function. Enable the block public access configuration.


D.

Create a security group that has an outbound rule over port 443 with a destination of the S3 endpoint. Associate the security group with the EC2 instances.


E.

Create a security group that has an outbound rule over port 443 with a destination of the S3 access point. Associate the security group with the EC2 instances.


F.

Launch the Lambda function in a VPC.


Get Premium SCS-C03 Questions

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.