SAP-C02 Question 255
Question
A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service. In each AWS account with a client, an interface endpoint has been created for the logging service and is available. The logging service running on EC2 instances with a Network Load Balancer (NLB) are deployed in different subnets. The clients are unable to submit logs using the VPC endpoint. Which combination of steps should a solutions architect take to resolve this issue? (Choose two.)
Options
A. Check that the NACL is attached to the logging service subnet to allow communications to and from the NLB subnets. Check that the NACL is attached to the NLB subnet to allow communications to and from the logging service subnets running on EC2 instances.
B. Check that the NACL is attached to the logging service subnets to allow communications to and from the interface endpoint subnets. Check that the NACL is attached to the interface endpoint subnet to allow communications to and from the logging service subnets running on EC2 instances.
C. Check the security group for the logging service running on the EC2 instances to ensure it allows ingress from the NLB subnets.
D. Check the security group for the logging service running on EC2 instances to ensure it allows ingress from the clients.
E. Check the security group for the NLB to ensure it allows ingress from the interface endpoint subnets.
Answer
AC
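Explanation
Correct answer: AC
Explanation: The answer to this question is AC.
Correct options:
A. Check that the NACL is attached to the logging service subnet to allow communications to and from the NLB subnets. Check that the NACL is attached to the NLB subnet to allow communications to and from the logging service subnets running on EC2 instances.
C. Check the security group for the logging service running on the EC2 instances to ensure it allows ingress from the NLB subnets.
Rationale: This choice most directly satisfies the key constraints in the question. When working through SAP-C02 questions, you also need to check against the qualifiers in the question stem...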