Q65 — AWS SAP-C02 Ch.3

Q290. A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS. Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

Correct Answer:

A. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.

C. Create an Amazon S3 interface endpoint in the networking account.

Explanation

To send data from on-premises systems to Amazon S3 buckets privately without the data traveling across the internet, a solution involving AWS Direct Connect and VPCs should be implemented. The VPCs can be peered to allow private communication between them. Since the S3 buckets are in different accounts, an interface endpoint should be created in each account that hosts an S3 bucket. Therefore, the correct combination of steps to meet these requirements is:

A. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.

C. Create an Amazon S3 interface endpoint in the networking account.

Step A creates a dedicated networking account and a private VPC for secure communication. Step A also sets up an AWS Direct Connect connection with a private VIF for a private connection between the on-premises environment and the private VPC. Step C creates an interface endpoint in each account that hosts an S3 bucket to allow secure and private access to the bucket.

Option B is incorrect because setting up an AWS Direct Connect connection with a public VIF would not provide the required private access to the S3 buckets.

Option D is incorrect because creating an S3 gateway endpoint is not applicable for sending data from on-premises systems to S3 buckets.

Option E is incorrect because peering VPCs from different accounts requires the use of a VPC peering connection and is not applicable for sending data from on-premises systems to S3 buckets.