AWS Certified Security Specialty Exam Questions


Question 258:

You have an application running on an EC2 instance that is placed in a private subnet within a VPC. The application collects data from clients, generates messages, and then pushes the messages to an SQS queue in the same AWS region.
For security reasons, the messages should be delivered to the Amazon SQS queue over a secure, private network without being exposed to the internet.
How would you meet this requirement?

Answer options:

A. Create the SQS queue in the private subnet of the VPC. When the EC2 instance sends messages to the SQS queue, the traffic is within the private subnet.
B. Configure a record set in Route 53 with the SQS queue name as its Alias target. The application delivers messages to the record set through the private network.
C. Configure a NAT gateway in the private subnet and use the NAT gateway to forward messages to the SQS queue for the application.
D. In the VPC private subnet, create an Amazon VPC Endpoint for the Amazon SQS service. Enable the private DNS name for this endpoint.