Q4 — AWS ANS-C01 Ch.1


A network engineer needs to standardize a company's approach to centralizing and managing interface VPC endpoints for private communication with AWS services. The company uses AWS Transit Gateway for inter-VPC connectivity between AWS accounts through a hub-and-spoke model. The company's network services team must manage all Amazon Route 53 zones and interface endpoints within a shared services AWS account. The company wants to use this centralized model to provide AWS resources with access to AWS Key Management Service (AWS KMS) without sending traffic over the public internet. What should the network engineer do to meet these requirements?

Correct Answer: A. In the shared services account, create an interface endpoint for AWS KMS. Modify the interface endpoint by disabling the private DNS name. Create a private hosted zone in the shared services account with an alias record that points to the interface endpoint. Associate the private hosted zone with the spoke VPCs in each AWS account.

Explanation

To meet the company's requirement of using a centralized model to provide AWS resources with access to AWS Key Management Service (AWS KMS) while keeping traffic off the public internet, the network engineer should take the following steps: