Q39 — AWS ANS-C01 Ch.1
A company is running a hybrid cloud environment. The company has multiple AWS accounts as part of an organization in AWS Organizations. The company needs a solution to manage a list of IPv4 on-premises hosts that will be allowed to access resources in AWS. The solution must provide version control for the list of IPv4 addresses and must make the list available to the AWS accounts in the organization. Which solution will meet these requirements?
- A. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the managed prefix list to the resource share. Share the resource with the organization. ✓
- B. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Use AWS Firewall Manager to share the managed prefix list with the organization.
- C. Create a security group. Add inbound rule entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the security group to the resource share. Share the resource with the organization.
- D. Create an Amazon DynamoDB table. Add entries for the initial list of on-premises IPv4 hosts. Create an AWS Lambda function that assumes a role in each AWS account in the organization to authorize inbound rules on security groups based on entries from the DynamoDB table.
Correct Answer: A. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the managed prefix list to the resource share. Share the resource with the organization.
Explanation
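In this scenario, creating a customer-managed prefix list is an effective way to manage the list of on-premises IPv4 hosts that are allowed to access AWS resources. After the initial host entries are added, creating a resource share in AWS Resource Access Manager, adding the prefix list to it, and then sharing the resource with the organization satisfies the requirements of providing version control and making the list available to the AWS accounts in the organization. In option B, AWS Firewall Manager is mainly used for managing firewall policies and is not well suited to this scenario. In option C, security groups are mainly used to control inbound and outbound traffic rules and are less suitable than a prefix list for managing a list of hosts. In option D, using a DynamoDB table and a Lambda function is relatively complex to implement and may bring performance and management inconvenience. In summary, option A is the correct answer.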