An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned Amazon S3 bucket. The current configuration includes a VPS with public and private subnets, with VPN connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the public subnet. What is the MOST simple and secure architecture that will achieve the organization's goal?
A) Use the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.
B) use the existing VPS and a NAT gateway, and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.
C) Create a new VPS without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint.
D) Create a new VPS without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint and a NAT gateway.
Correct Answer:
Verified
Q77: You have a three-tier web application with
Q78: You have to set up an AWS
Q79: Your application is hosted behind an Elastic
Q80: You use a VPN to extend your
Q81: An organization will be expanding its current
Q83: You are building an application in AWS
Q84: Your company uses an NTP server to
Q85: All IP addresses within a 10.0.0.0/16 VPC
Q86: A Network Engineer needs to create a
Q87: An organization is using a VPC endpoint
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents