A company is running an Amazon SageMaker training job that will access data stored in its Amazon S3 bucket A compliance policy requires that the data never be transmitted across the internet.
How should the company set up the job?
A . Launch the notebook instances in a public subnet and access the data through the public S3 endpoint
B . Launch the notebook instances in a private subnet and access the data through a NAT gateway
C . Launch the notebook instances in a public subnet and access the data through a NAT gateway
D . Launch the notebook instances in a private subnet and access the data through an S3 VPC endpoint.
Answer: D
Explanation:
A private subnet is a subnet that does not have a route to the internet gateway, which means that the resources in the private subnet cannot access the internet or be accessed from the internet. An S3 VPC endpoint is a gateway endpoint that allows the resources in the VPC to access the S3 service without going through the internet. By launching the notebook instances in a private subnet and accessing the data through an S3 VPC endpoint, the company can set up the job in a secure and compliant way, as the data never leaves the AWS network and is not exposed to the internet. This can also improve the performance and reliability of the data transfer, as the traffic does not depend on the internet bandwidth or availability.
Reference:
Amazon VPC Endpoints – Amazon Virtual Private Cloud
Endpoints for Amazon S3 – Amazon Virtual Private Cloud Connect to SageMaker Within your VPC – Amazon SageMaker Working with VPCs and Subnets – Amazon Virtual Private Cloud
Latest MLS-C01 Dumps Valid Version with 104 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund