An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data.

How can the organization control which networks can access the cluster?

A. Run the cluster in a different VPC and connect through VPC peering.

B. Create a database user inside the Amazon Redshift cluster only for users on the network.

C. Define a cluster security group for the cluster that allows access from the allowed networks.

D. Only allow access to networks that connect with the shared services network via VPN.

1 Answer


C – A security group can grant access to traffic from the allowed networks via the CIDR range for each network. VPC peering and VPN are connectivity services and cannot control traffic for security. Amazon Redshift user accounts address authentication and authorization at the user level and have no control over network traffic.
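
An added example, not part of the answer above: a check that every source CIDR able to reach the cluster port falls inside an approved network. It assumes ingress rules in the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups` and Redshift's default port 5439; the networks and rules are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

REDSHIFT_PORT = 5439  # Redshift's default port; change if the cluster uses another

# Constructed sample: approved networks and one security group's ingress rules,
# in the IpPermissions shape returned by EC2 DescribeSecurityGroups.
ALLOWED_NETWORKS = ["10.20.0.0/16", "192.168.50.0/24"]
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
     "IpRanges": [{"CidrIp": "10.20.4.0/24"}, {"CidrIp": "172.16.0.0/12"}]},
    {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.168.50.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def covers_port(rule, port):
    """True if the rule admits TCP traffic to the given port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def unapproved_sources(ingress, allowed, port=REDSHIFT_PORT):
    """Return CIDRs that can reach the port but lie outside every allowed network."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for rule in ingress:
        if not covers_port(rule, port):
            continue  # rule does not expose the cluster port
        for rng in rule.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
            if not any(src.version == a.version and src.subnet_of(a)
                       for a in allowed_nets):
                findings.append(str(src))
    return findings


if __name__ == "__main__":
    for cidr in unapproved_sources(SAMPLE_INGRESS, ALLOWED_NETWORKS):
        print(f"port {REDSHIFT_PORT} reachable from unapproved network {cidr}")
```

The wide port range (5000-6000) is flagged because it includes 5439 even though the rule never names that port; rules that reference other security groups or IPv6 ranges are outside what this check covers.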
