Explanation:
To keep traffic within the VPC network boundary, an interface VPC endpoint (powered by AWS PrivateLink) should be used for QuickSight. This allows private communication between the VPC and QuickSight without using public IP addresses or traversing the public internet. QuickSight then uses a manifest file to access the data in S3. Using a gateway endpoint for S3 (Option C) helps with S3 access but does not secure the QuickSight connection itself within the VPC boundary as required.
Ultimate access to all questions.
Question #35\nA finance company stores confidential data in an Amazon S3 bucket. The company uses Amazon QuickSight to analyze the data and create dashboard reports. The company requires that all data access and connections to QuickSight remain within the company's VPC network boundary.\nWhich solution will meet these requirements?
A
Create an interface VPC endpoint for QuickSight. Configure the endpoint to connect to QuickSight within the VPC by using AWS PrivateLink. Create a manifest file that points to the S3 data. Grant QuickSight permission to access the S3 bucket.
B
Set up a VPC endpoint for QuickSight. Use an Amazon EC2 instance as a proxy to establish a direct connection between the VPC and QuickSight. Create a manifest file that points to the S3 data. Store the manifest on the EC2 instance. Grant QuickSight permission to access the EC2 instance.
C
Configure an Amazon S3 VPC gateway endpoint. Route all data from QuickSight through the endpoint to transfer data. Grant QuickSight permission to access the S3 bucket.
D
Configure a NAT gateway in the company's VPC. Route all data from QuickSight through the NAT gateway to transfer data. Grant QuickSight permission to access the S3 bucket.
E
F
No comments yet.