ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 125 - SCS-C02 discussion

Report
Export

A company is building a data processing application mat uses AWS Lambda functions. The application's Lambda functions need to communicate with an Amazon RDS OB instance that is deployed within a VPC in the same AWS account

Which solution meets these requirements in the MOST secure way?

A.
Configure the DB instance to allow public access Update the DB instance security group to allow access from the Lambda public address space for the AWS Region
Answers
A.
Configure the DB instance to allow public access Update the DB instance security group to allow access from the Lambda public address space for the AWS Region
B.
Deploy the Lambda functions inside the VPC Attach a network ACL to the Lambda subnet Provide outbound rule access to the VPC CIDR range only Update the DB instance security group to allow traffic from 0.0.0.0/0
Answers
B.
Deploy the Lambda functions inside the VPC Attach a network ACL to the Lambda subnet Provide outbound rule access to the VPC CIDR range only Update the DB instance security group to allow traffic from 0.0.0.0/0
C.
Deploy the Lambda functions inside the VPC Attach a security group to the Lambda functions Provide outbound rule access to the VPC CIDR range only Update the DB instance security group to allow traffic from the Lambda security group
Answers
C.
Deploy the Lambda functions inside the VPC Attach a security group to the Lambda functions Provide outbound rule access to the VPC CIDR range only Update the DB instance security group to allow traffic from the Lambda security group
D.
Peer the Lambda default VPC with the VPC that hosts the DB instance to allow direct network access without the need for security groups
Answers
D.
Peer the Lambda default VPC with the VPC that hosts the DB instance to allow direct network access without the need for security groups
Suggested answer: C

Explanation:

This solution ensures that the Lambda functions are deployed inside the VPC and can communicate with the Amazon RDS DB instance securely. The security group attached to the Lambda functions only allows outbound traffic to the VPC CIDR range, and the DB instance security group only allows traffic from the Lambda security group. This solution ensures that the Lambda functions can communicate with the DB instance securely and that the DB instance is not exposed to the public internet.

asked 16/09/2024
Jyothiswaroop Rajan
27 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first