Q64 — AWS ANS-C01 Ch.1
A company plans to deploy a two-tier web application to a new VPC in a single AWS Region. The company has configured the VPC with an internet gateway and four subnets. Two of the subnets are public and have default routes that point to the internet gateway. Two of the subnets are private and share a route table that does not have a default route. The application will run on a set of Amazon EC2 instances that will be deployed behind an external Application Load Balancer. The EC2 instances must not be directly accessible from the internet. The application will use an Amazon S3 bucket in the same Region to store data. The application will invoke S3 GET API operations and S3 PUT API operations from the EC2 instances. A network engineer must design a VPC architecture that minimizes data transfer cost. Which solution will meet these requirements?
- A. Deploy the EC2 instances in the public subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.
- B. Deploy the EC2 instances in the private subnets. Create a NAT gateway in the VPC. Create default routes in the private subnets to the NAT gateway. Connect to Amazon S3 by using the NAT gateway.
- C. Deploy the EC2 instances in the private subnets. Create an S3 gateway endpoint in the VPC. Specify the route table of the private subnets during endpoint creation to create routes to Amazon S3. ✓
- D. Deploy the EC2 instances in the private subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.
Correct Answer: C. Deploy the EC2 instances in the private subnets. Create an S3 gateway endpoint in the VPC. Specify the route table of the private subnets during endpoint creation to create routes to Amazon S3.
Explanation
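The question asks for a VPC architecture that meets the requirements while minimizing data transfer cost. Option A deploys the EC2 instances in the public subnets, which does not meet the requirement that the EC2 instances must not be directly accessible from the internet. Option B connects to Amazon S3 through a NAT gateway, which incurs additional data transfer cost. Option C deploys the EC2 instances in the private subnets and creates an S3 gateway endpoint, specifying the route table of the private subnets during endpoint creation to create routes to Amazon S3; this both meets the requirement that the EC2 instances must not be directly accessible from the internet and minimizes data transfer cost. Option D creates an S3 interface endpoint, which is less suitable than an S3 gateway endpoint for meeting the requirements and reducing cost. In summary, option C is the correct answer.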