ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 4 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 4
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A global delivery company is modernizing its fleet management system. The company has several business units. Each business unit designs and maintains applications that are hosted in its own AWS account in separate application VPCs in the same AWS Region. Each business unit's applications are designed to get data from a central shared services VPC.
The company wants the network connectivity architecture to provide granular security controls. The architecture also must be able to scale as more business units consume data from the central shared services VPC in the future.
Which solution will meet these requirements in the MOST secure manner?

  • A. Create a central transit gateway. Create a VPC attachment to each application VPC. Provide full mesh connectivity between all the VPCs by using the transit gateway.
  • B. Create VPC peering connections between the central shared services VPC and each application VPC in each business unit's AWS account.
  • C. Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPCreate VPC endpoints in each application VPC.
  • D. Create a central transit VPC with a VPN appliance from AWS Marketplace. Create a VPN attachment from each VPC to the transit VPC. Provide full mesh connectivity among all the VPCs.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by zaazanuna at March 18, 2023, 5:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 7 months, 3 weeks ago
Selected Answer: C
Answer: C. Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPC. Create VPC endpoints in each application VPC. Explanation: AWS PrivateLink enables private connectivity between VPCs without traversing the internet. Creating VPC endpoint services in the central shared services VPC ensures secure and scalable access for each business unit's applications, meeting the requirement for granular security controls and scalability without complex mesh configurations or VPN overhead.
upvoted 36 times
...
Duke_CT
Most Recent 5 days, 1 hour ago
Selected Answer: C
option C is correct because granualr control in service level,
upvoted 1 times
...
beanxyz
10 months, 2 weeks ago
Selected Answer: C
vpc endpoints provides granualr control in service level, while tgw in network level
upvoted 1 times
...
Raphaello
10 months, 2 weeks ago
Selected Answer: C
Correct answer is C. Key words: granular security controls. Option A allows "full mesh", and therefore does not fulfill the requirement.
upvoted 1 times
...
tromyunpak
11 months ago
The most secure option is C as privatelink is one way. A is too permissive due to transit gateway full mesh configuration. B is good but traffic is 2 way whilst D doesn't make sense
upvoted 2 times
...
vikasj1in
1 year ago
Selected Answer: C
AWS PrivateLink: This solution enables you to access services over a private connection between your VPC and the service, keeping traffic within the AWS network. VPC Endpoint Services: By creating an endpoint service in the central shared services VPC, you can expose specific services privately to other VPCs using AWS PrivateLink. Each application VPC can then create VPC endpoints to connect to the shared services privately.
upvoted 1 times
...
Marfee400704
1 year ago
I think that it's correct answer is C according to SPOTO products.
upvoted 1 times
...
marfee
1 year ago
I think that it's correcty answer is A.
upvoted 1 times
...
task_7
1 year, 3 months ago
You can create up to 100 VPC endpoints per VPC. Not as scalable as TG
upvoted 3 times
...
decieredavidolo
1 year, 4 months ago
Greetings to all, i bring you good news today. Those of you who are into IT and wanna venture into cybersecurity and having difficulties to study and how to go through are hereby advice to get directories from the global certification support center. They orientate you on how to get and pass certifications with lots of ease making you competent and master in the field. Reach them using the site globalcertcenter.org Good luck
upvoted 1 times
...
Andrea13
1 year, 4 months ago
The best solution for this scenario is option C: Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPC. Create VPC endpoints in each application VPC.
upvoted 1 times
...
MEDES
1 year, 4 months ago
A is correct. Option C is not the most secure solution because it does not provide granular security controls. AWS PrivateLink is a service that enables you to access services hosted on AWS in a highly available and scalable manner. It provides a convenient way to connect to applications/services by name with added security.
upvoted 1 times
...
Fukat
1 year, 7 months ago
Option C https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html Option A is also correct but it mentions “Provide full mesh connectivity between all the VPCs” which is not required as per the cx need
upvoted 2 times
...
[Removed]
1 year, 7 months ago
Selected Answer: A
A is correct. Option C is not the most secure solution because it does not provide granular security controls. AWS PrivateLink is a service that enables you to access services hosted on AWS in a highly available and scalable manner. It provides a convenient way to connect to applications/services by name with added security.
upvoted 1 times
[Removed]
1 year, 7 months ago
Edit, changing to C Turns out AWS PrivateLink provides granular security control
upvoted 2 times
...
...
tcp22
1 year, 8 months ago
Option C, also A is not cost efficient
upvoted 1 times
...
emmanuelodenyire
1 year, 9 months ago
Selected Answer: C
Option C suggests creating VPC endpoint services powered by AWS PrivateLink in the central shared services VPC and creating VPC endpoints in each application VPC. This solution is a secure way to provide connectivity between the central shared services VPC and each business unit's VPC. It provides granular security controls as the VPC endpoints are private and can only be accessed by the VPC that created them. It also addresses the requirement for scalability as adding new VPCs only requires creating new VPC endpoints. Therefore, this option is a possible correct answer.
upvoted 2 times
...
bogehad181
1 year, 10 months ago
Selected Answer: C
Bumping C.
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago