AWS Certified Machine Learning – Specialty — Question 283

A company plans to build a custom natural language processing (NLP) model to classify and prioritize user feedback. The company hosts the data and all machine learning (ML) infrastructure in the AWS Cloud. The ML team works from the company's office, which has an IPsec VPN connection to one VPC in the AWS Cloud.

The company has set both the enableDnsHostnames attribute and the enableDnsSupport attribute of the VPC to true. The company's DNS resolvers point to the VPC DNS. The company does not allow the ML team to access Amazon SageMaker notebooks through connections that use the public internet. The connection must stay within a private network and within the AWS internal network.

Which solution will meet these requirements with the LEAST development effort?

Answer options

Correct answer: A

Explanation

Creating an interface VPC endpoint (AWS PrivateLink) for Amazon SageMaker notebooks gives the ML team private access over the IPsec VPN without traversing the public internet, and it requires minimal configuration. Because the VPC has both enableDnsHostnames and enableDnsSupport set to true and the company's DNS resolvers point to the VPC DNS, the notebook hostnames can resolve to the endpoint's private IP addresses when private DNS is enabled on the endpoint. Options B and C require provisioning and managing Amazon EC2 bastion hosts, which increases operational and development overhead. Option D is incorrect because a NAT gateway is designed for outbound internet access and does not establish a private connection to AWS services inside the internal network.