Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 7 Question 22 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 22
Topic #: 7
[All SCS-C02 Questions]

A company wants to configure DNS Security Extensions (DNSSEC) for the company's primary domain. The company registers the domain with Amazon Route 53. The company hosts the domain on Amazon EC2 instances by using BIND.

What is the MOST operationally efficient solution that meets this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: C

In an AWS environment where a VPC has no internet access and requires communication with AWS services such as Secrets Manager, the most secure method is to use an interface VPC endpoint (AWS PrivateLink). This allows private connectivity to services like Secrets Manager, enabling AWS Lambda functions and other resources within the VPC to access Secrets Manager without requiring an internet gateway, NAT gateway, or VPN connection. Interface VPC endpoints are powered by AWS PrivateLink, a technology that enables private connectivity between AWS services using Elastic Network Interfaces (ENI) with private IPs in your VPCs. This option is more secure than creating a NAT gateway because it doesn't expose the resources to the internet and adheres to the principle of least privilege by providing direct access to only the required service.


by Aracelis at Jun 30, 2024, 03:29 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Serina
12 days ago
That's a valid point, Orville. Option B does seem to simplify the process by leveraging AWS services for key management. It could be a more secure and scalable solution.
upvoted 0 times
...
Latricia
13 days ago
I'd go with Option D. Migrating to Route 53 with DNSSEC and using AWS KMS for the KSK is a straightforward way to meet the requirement.
upvoted 0 times
...
Jospeh
14 days ago
Option B seems the most operationally efficient solution. Migrating the zone to Route 53 with DNSSEC signing enabled and using AWS KMS for the keys is a secure and managed approach.
upvoted 0 times
...
Orville
15 days ago
I disagree, I believe option B is more efficient. Migrating the zone to Route 53 with DNSSEC signing enabled and using AWS KMS for key management seems like a better approach.
upvoted 0 times
...
Serina
16 days ago
I think option A is the best solution. It involves configuring DNSSEC in BIND and creating ZSK and KSK keys.
upvoted 0 times
...
Dierdre
16 days ago
I'm leaning towards option B, it seems like a secure choice.
upvoted 0 times
...
Jodi
19 days ago
I disagree, I believe option C is more efficient.
upvoted 0 times
...
Donte
20 days ago
I think option A is the best solution.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77