AWS Certified Security – Specialty — Question 277

A software-as-a-service (SaaS) company hosts an application on AWS in a VPC. External customers will use the application on their own Amazon EC2 instances.
To access the application, the customers need to install a client application on an EC2 instance in a VPC in their AWS accounts.
A security engineer is designing a solution to allow communication between the client software and the SaaS application. The solution must maximize scalability and security.
Which combination of actions will meet these requirements? (Choose two.)

Answer options

Correct answer: A, D

Explanation

To expose a service hosted in one VPC to many external customer VPCs both securely and at scale, AWS PrivateLink is the recommended approach. A PrivateLink endpoint service must be fronted by a load balancer, so the provider first deploys a Network Load Balancer (NLB) in its VPC to distribute traffic to the application instances (a Gateway Load Balancer is the other supported front end, used for inline network appliances rather than application services). The provider then creates the endpoint service on that NLB and authorizes the customers' AWS accounts as allowed principals. Each customer provisions an interface endpoint in its own VPC; the endpoint gets private IP addresses in the customer's subnets and carries traffic to the service over the AWS network, so no VPC peering, transit gateway, internet exposure or coordination of non-overlapping address space is required. Traffic is initiated only from the consumer side toward the provider, the customer restricts who can reach the endpoint with a security group on its network interfaces, and the provider can require explicit acceptance of every connection request, which is what makes the design scale to many customers without widening the attack surface.
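The following Terraform configuration is an added illustration of the design described above; it is not part of the original question or explanation. It shows both sides: the provider's internal NLB and endpoint service with acceptance required and an allow-list of customer accounts, and a customer's interface endpoint locked down with a security group. Account IDs, variable names and the split of both accounts into one file are assumptions for brevity; in practice the two halves live in different accounts and Terraform states.

```hcl
# Added example (not from the original page): PrivateLink provider and consumer side.
# All IDs, account numbers and variable values are placeholders / assumptions.

variable "provider_vpc_id" {}
variable "provider_private_subnet_ids" { type = list(string) }
variable "customer_vpc_id" {}
variable "customer_private_subnet_ids" { type = list(string) }
variable "client_instance_sg_id" {}       # SG attached to the customer's client EC2 instances
variable "saas_service_name" {}           # value of output.service_name, handed to the customer

############################
# Provider (SaaS) account  #
############################

# Internal NLB in front of the application instances. An endpoint service must be
# fronted by an NLB (or a Gateway Load Balancer for appliance use cases).
resource "aws_lb" "saas" {
  name               = "saas-app-nlb"
  internal           = true                      # never reachable from the internet
  load_balancer_type = "network"
  subnets            = var.provider_private_subnet_ids
}

resource "aws_lb_target_group" "app" {
  name     = "saas-app-tg"
  port     = 443
  protocol = "TCP"
  vpc_id   = var.provider_vpc_id
  health_check { protocol = "TCP" }
}

resource "aws_lb_listener" "app" {
  load_balancer_arn = aws_lb.saas.arn
  port              = 443
  protocol          = "TCP"                      # TLS passes through to the app instances
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# acceptance_required: every customer connection must be approved by the provider.
# allowed_principals: only these accounts may even submit a connection request.
resource "aws_vpc_endpoint_service" "saas" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.saas.arn]
  allowed_principals = [
    "arn:aws:iam::111111111111:root",            # customer A (placeholder account ID)
    "arn:aws:iam::222222222222:root",            # customer B (placeholder account ID)
  ]
  tags = { Name = "saas-app-endpoint-service" }
}

output "service_name" {
  # com.amazonaws.vpce.<region>.vpce-svc-xxxxxxxx; customers need this to connect.
  value = aws_vpc_endpoint_service.saas.service_name
}

##############################
# Consumer (customer) account #
##############################

# Security group on the endpoint ENIs: only the client instances' SG may reach port 443.
resource "aws_security_group" "saas_endpoint" {
  name   = "saas-endpoint-sg"
  vpc_id = var.customer_vpc_id
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.client_instance_sg_id]
  }
}

resource "aws_vpc_endpoint" "saas" {
  vpc_id              = var.customer_vpc_id
  service_name        = var.saas_service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.customer_private_subnet_ids
  security_group_ids  = [aws_security_group.saas_endpoint.id]
  private_dns_enabled = false                    # enable only if the provider verified a private DNS name
}
```

After the customer applies its half, the connection sits in `pendingAcceptance` until the provider approves it (console, or `aws ec2 accept-vpc-endpoint-connections`), so an account that is on the allow-list still cannot reach the service without that second explicit step. The endpoint security group is the customer's own control: if it is left at the VPC default, anything in the customer VPC can reach the SaaS application through the endpoint.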