
Answer-first summary for fast verification
Answer:
A. Replace the existing Redshift cluster with a new Redshift cluster that is in a private subnet. Use an interface VPC endpoint to connect to the Redshift cluster. Use a NAT gateway to give Redshift access to the S3 bucket.
C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.

Option A is CORRECT because replacing the existing Redshift cluster with a new Redshift cluster in a private subnet and using an interface VPC endpoint ensures that data transfers between Redshift and other AWS services, such as S3, remain within the AWS network. This setup, combined with enhanced VPC routing, ensures that data does not leave the AWS environment. Using a NAT gateway provides the Redshift cluster with access to the S3 bucket while maintaining the security and compliance requirements.

Option C is CORRECT because enabling enhanced VPC routing for the Redshift cluster ensures that all communication between the Redshift cluster and S3 is routed through the VPC. This setup means that data does not travel over the public internet. Additionally, using an AWS Direct Connect connection can provide a secure and private link between the company’s VPC and the on-premises environment, ensuring compliance with regulatory requirements for secure data access.
Author: Ritesh Yadav
Question 1/58
A finance company uses Amazon Redshift as a data warehouse. The company stores the data in a shared Amazon S3 bucket. The company uses Amazon Redshift Spectrum to access the data that is stored in the S3 bucket. The data comes from certified third-party data providers. Each third-party data provider has unique connection details.
To comply with regulations, the company must ensure that none of the data is accessible from outside the company’s AWS environment.
Which combination of steps should the company take to meet these requirements? (Choose two.)
A. Replace the existing Redshift cluster with a new Redshift cluster that is in a private subnet. Use an interface VPC endpoint to connect to the Redshift cluster. Use a NAT gateway to give Redshift access to the S3 bucket.
B. Create an AWS CloudHSM hardware security module (HSM) for each data provider. Encrypt each data provider's data by using the corresponding HSM for each data provider.
C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.
D. Define table constraints for the primary keys and the foreign keys.
E. Use federated queries to access the data from each data provider. Do not upload the data to the S3 bucket. Perform the federated queries through a gateway VPC endpoint.