SAP-C02 第 470 题
题目
A company wants to use Amazon WorkSpaces in combination with thin client devices to replace aging desktops. Employees use the desktops to access applications that work with Clinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding an additional branch office in the next 6 months. Which solution meets these requirements with the MOST operational efficiency?
中文翻译:
一家公司希望将 Amazon WorkSpaces 与瘦客户端设备结合使用来取代老化的桌面。员工使用桌面访问处理临床试验数据的应用程序。公司安全策略规定,对应用程序的访问必须仅限于公司分支机构位置。该公司正在考虑在未来 6 个月内增设一个分支机构。哪种解决方案能够以最高的运营效率满足这些要求?
选项
A. Create an IP access control group rule with the list of public addresses from the branch offices. Associate the IP access control group with the WorkSpaces directory.
中文翻译:
使用分支机构的公共地址列表创建 IP 访问控制组规则。将 IP 访问控制组与 WorkSpaces 目录关联。
B. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list of public addresses from the branch office locations. Associate the web ACL with the WorkSpaces directory.
中文翻译:
使用 AWS Firewall Manager 创建带有 IPSet 的 Web ACL 规则以及分支机构位置的公共地址列表。将 Web ACL 与 WorkSpaces 目录关联。
C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machines deployed in the branch office locations. Enable restricted access on the WorkSpaces directory.
中文翻译:
使用 AWS Certificate Manager (ACM) 向部署在分支机构位置的计算机颁发受信任的设备证书。启用对 WorkSpaces 目录的受限访问。
D. Create a custom WorkSpace image with Windows Firewall configured to restrict access to the public addresses of the branch offices. Use the image to deploy the WorkSpaces. WorkSpaces。
中文翻译:
创建自定义工作区映像,并将 Windows 防火墙配置为限制对分支机构公共地址的访问。使用该映像部署 WorkSpace。工作空间。
答案
A
解析
正确答案:A 解析: 本题应选择 A。 正确选项: A. 使用分支机构的公共地址列表创建 IP 访问控制组规则。将 IP 访问控制组与 WorkSpaces 目录关联。 选择理由: 该选项最直接地满足题干中的关键约束。做 SAP-C02 题目时,需要同时对照题干里的限定词,例如最高性能、最低运维开销、成本效益、可靠性、可扩展性、安全性、RTO/RPO、合规要求等。本题相关考点主要包括:CloudFront、Config。 排除思路: B...