Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

$2 OFF in ALL Azure Practice Exams & NEW AZ-500 Microsoft Azure Security Engineer Associate Practice Exams at $10.99!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Advanced Networking – Specialty Incorrect Answer Explanation (S3 Interface Endpoint)

  • Incorrect Answer Explanation (S3 Interface Endpoint)

     Carlo-TutorialsDojo updated 1 month, 4 weeks ago 3 Members · 3 Posts
    AWS Certified Advanced Networking – Specialty

  • JordanP

    Member
    November 22, 2022 at 5:19 am

    The part that I bolded below is incorrect. A VPC interface endpoint can be used for S3. While I do not disagree with the answer to the question, the explanation is wrong. Source: https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html

    ——-

    Question:

    Category: ANS – Network Implementation

    An application is running on an Amazon EC2 instance launched in a private subnet in us-east-1 (N. Virginia) region. A new feature will be released that requires the application to pull data from several public web services over the Internet to complete its processing. The result will be stored to an S3 bucket in the same region. The Network Engineer must restrict outbound Internet access to a list of whitelisted URLs only.

    What should the Engineer do to satisfy these requirements?

    Explanation:

    The option that says: Deploy a NAT instance in a public subnet. Install a Squid proxy in the instance to whitelist the outbound Internet access. Create a VPC Interface endpoint to access the Amazon S3 bucket is incorrect because you have to create a VPC Gateway endpoint to allow access to the S3 bucket and not a VPC Interface endpoint. Same thing as well if you want to connect to a DynamoDB table. An Interface endpoint is only applicable for Amazon RDS Data API, Amazon SNS, Amazon SQS, and others.

  • sysroute

    Member
    February 16, 2024 at 9:34 pm

    I’ve just noticed the same, which means also (if I’m not mistaken) we could have two correct answers in this question:
    1. Launch a NAT instance in a public subnet with a running Squid proxy to whitelist the outbound Internet access. Create a VPC Gateway endpoint to access the Amazon S3 bucket.

    2. Deploy a NAT instance in a public subnet. Install a Squid proxy in the instance to whitelist the outbound Internet access. Create a VPC Interface endpoint to access the Amazon S3 bucket.

    • Carlo-TutorialsDojo

      Member
      February 20, 2024 at 5:34 pm

      Hello sysroute,

      Thanks for your feedback.

      Yes. Amazon S3 does supports both Interface Endpoints and Gateway Endpoints. We’ll update the question to correct this.

      Let me know if you have any other clarifications.

      Regards,

      Carlo @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now