Which concern from the security team is valid and should be addressed?

Posted by: Pdfprep Category: ANS-C00

Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company’s highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high-bandwidth, low-latency access to S3. Since the company does not own a publicly routable IPv4 address block, a request was made to AWS for an AWS-owned address for a Public Virtual Interface (VIF).

The security team is calling this new connection a “backdoor”, and you have been asked to clarify the risk to the company.

Which concern from the security team is valid and should be addressed?
A. AWS advertises its aggregate routes to the Internet, allowing anyone on the Internet to reach the router.
B. Direct Connect customers with a Public VIF in the same region could directly reach the router.
C. EC2 instances in the same region with access to the Internet could directly reach the router.
D. The S3 service could reach the router through a pre-configured VPC Endpoint.

Answer: A
