AWS Certified Solutions Architect – Associate (SAA-C02) — Question 64
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
Answer options
- A. Use a VPC endpoint for DynamoDB.
- B. Use a NAT gateway in a public subnet.
- C. Use a NAT instance in a private subnet.
- D. Use the internet gateway attached to the VPC.
Correct answer: A
Explanation
The most secure way to access DynamoDB from private subnets is a VPC endpoint, because it provides private connectivity without traffic leaving the AWS network. A NAT gateway or NAT instance would route traffic through the internet, which is less secure. An internet gateway would expose the resources to the public internet, defeating the purpose of using private subnets.