Kizspy | Question: 20
(Choose 3 answers)
A solutions architect is designing a hybrid solution. The solution uses Amazon Virtual Private Cloud (Amazon
VPC) resources, such Amazon Relational Database Service (Amazon RDS) and Amazon Elastic Compute
Cloud (Amazon EC2). It also uses services that are not in a VPC, such as Amazon Simple Storage Service
(Amazon S3) and AWS Systems Manager. Which statements about Amazon VPC and the scope of AWS
services are correct? (Choose THREE.)
A. Amazon VPC gives the user full control over their virtual networking environment. Therefore, the solutions
architect can define firewall rules on the networking level for VPC-based resources.
B. Because S3 buckets do not reside inside a VPC, the customer can rely on AWS to configure security
mechanisms, such as permissions and bucket policies. Thus, security is automatically applied on the data
level because this level of security is the responsibility of AWS.
C. VPC-based services that reside in a private subnet require specific configurations to enable internet
access, such as a NAT gateway and route tables.
D. When possible, customers should avoid having services reside in VPCs because a networking
misconfiguration can accidentally leave the infrastructure in an unsafe state.
E. Using AWS resources like Amazon S3 is less secure because they are public resources by default.
F. AWS VPN solutions can be configured to establish secure connections between on-premises networks,
remote offices, client devices, and the AWS global network.
