Amazon Exam PAS-C01 Topic 1 Question 10 Discussion

Actual exam question for Amazon's PAS-C01 exam

Question #: 10
Topic #: 1

A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.

Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.

What must the company do on AWS to meet these requirements?

AAdd an outbound rule to the security group of the SAP PO system to allow the FODN of the payroll SaaS provider and deny all other outbound traffic

BAdd an outbound rule to the network ACL of the subnet that contains the SAP PO system to allow the FQDN of the payroll SaaS provider and deny all other outbound traffic

CAdd an AWS WAF web ACL to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

DAdd an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

Show Suggested Answer

Suggested Answer: A

by Bette at Jan 06, 2023, 02:04 AM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Bobbye

19 days ago

I think option C could also work by adding an AWS WAF web ACL to the VPC. It's important to consider all options before making a decision.

upvoted 0 times

...

Junita

20 days ago

I agree with Owen. It's important to only allow the necessary outbound traffic to meet the security guidelines.

upvoted 0 times

...

Owen

22 days ago

I think the company should add an outbound rule to the security group of the SAP PO system to allow the FQDN of the payroll SaaS provider.

upvoted 0 times

...