-
No mention of Internet access
updated 1 week, 6 days ago
2 Members
·
2
Posts
-
Timed Mode Set 5 – AWS Certified Solutions Architect Professional
Q31
A company is developing a serverless application that is deployed on AWS Lambda. The application consists of several Lambda functions that resize, watermark, and process images. The metadata generated from the functions is written in an Amazon DynamoDB table. The company deployed an Amazon Neptune DB cluster in three private subnets inside a VPC. A new feature was developed that requires the Lambda functions to access the Neptune DB cluster.
Which of the following options are possible solutions to allow the Lambda functions to access both the DynamoDB table and Neptune DB cluster? (Select TWO.)
The only requirements here are for Lambda to access Neptune DB & Dynamo DB. There is no requirement for internet access from Lambda. Why should a NAT Gateway be used here?
-
Hello Kumar Mahadevan,
Thank you for sharing your thoughts on this item. Take note that there are questions in the actual AWS exam that are difficult, tricky and ambiguous. You have to be prepared to look for specific keywords or key phrases in order to find the most suitable answer. This is the style that we are trying to mimic in our practice tests. Some of the questions do not explicitly show the obvious keywords or phrases that will easily point to the answer.
The given question asks for two possible solutions to allow the Lambda functions to access both the DynamoDB table and Neptune DB cluster.
The correct answers are:
– Deploy the AWS Lambda functions into three new private subnets in the same VPC. Update the Neptune DB security group to allow connections from the Lambda security group. Create a DynamoDB VPC endpoint and update the route table for routing DynamoDB requests is correct because in the private subnet, the Lambda functions can directly access the Neptune DB cluster, and the DynamoDB table via the DynamoDB VPC endpoint.
– Deploy the AWS Lambda functions into three new private subnets in the same VPC. Update the Neptune DB security group to allow connections from the Lambda security group. Route the internet traffic of the Lambda functions through a NAT gateway is correct because communications to and from DynamoDB use the HTTPS protocol by default. This is done through HTTPS API calls over the internet, ensuring that network traffic is secured with SSL/TLS encryption. A NAT gateway allows private resources, such as Lambda functions, to route their traffic to the internet securely.
Hope this helps! Let us know if you need further assistance.
Best regards,
JR @ Tutorials Dojo
Log in to reply.