AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Create an AWS Direct Connect connection to the on-premises data center. Store the service account credentials in AWS Secrets Manager.

Option B is CORRECT because AWS Direct Connect establishes a private, high-bandwidth, low-latency connection between the on-premises data center and AWS, avoiding the public internet. Storing service account credentials in AWS Secrets Manager ensures secure management of credentials, reducing the risk of unauthorized access and simplifying rotation and retrieval of sensitive information.

Author: Ritesh Yadav

Quick Answer

Answer-first summary for fast verification

Answer: Create an AWS Direct Connect connection to the on-premises data center. Store the service account credentials in AWS Secrets Manager.

Author: Ritesh Yadav

Comments (0)

No comments yet.

Question 36/58

A data engineer needs to onboard a new data producer into AWS. The data producer needs to migrate data products to AWS.

The data producer maintains many data pipelines that support a business application. Each pipeline must have service accounts and their corresponding credentials. The data engineer must establish a secure connection from the data producer’s on-premises data center to AWS. The data engineer must not use the public internet to transfer data from an on-premises data center to AWS.

Which solution will meet these requirements?

Exam-Like

Community

RRitesh

Last updated: May 2, 2026 at 06:21

Instruct the new data producer to create Amazon Machine Images (AMIs) on Amazon Elastic Container Service (Amazon ECS) to store the code base of the application. Create security groups in a public subnet that allow connections only to the on-premises data center.

Create an AWS Direct Connect connection to the on-premises data center. Store the service account credentials in AWS Secrets Manager.

Create a security group in a public subnet. Configure the security group to allow only connections from the CIDR blocks that correspond to the data producer. Create Amazon S3 buckets that contain presigned URLs that have one-day expiration dates.

Create an AWS Direct Connect connection to the on-premises data center. Store the application keys in AWS Secrets Manager. Create Amazon S3 buckets that contain presigned URLs that have one-day expiration dates.