ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 25 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 25
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A global company operates all its non-production environments out of three AWS Regions: eu-west-1, us-east-1, and us-west-1. The company hosts all its production workloads in two on-premises data centers. The company has 60 AWS accounts and each account has two VPCs in each Region. Each VPC has a virtual private gateway where two VPN connections terminate for resilient connectivity to the data centers. The company has 360 VPN tunnels to each data center, resulting in high management overhead. The total VPN throughput for each Region is 500 Mbps.
The company wants to migrate the production environments to AWS. The company needs a solution that will simplify the network architecture and allow for future growth. The production environments will generate an additional 2 Gbps of traffic per Region back to the data centers. This traffic will increase over time.
Which solution will meet these requirements?

  • A. Set up an AWS Direct Connect connection from each data center to AWS in each Region. Create and attach private VIFs to a single Direct Connect gateway. Attach the Direct Connect gateway to all the VPCs. Remove the existing VPN connections that are attached directly to the virtual private gateways.
  • B. Create a single transit gateway with VPN connections from each data center. Share the transit gateway with each account by using AWS Resource Access Manager (AWS RAM). Attach the transit gateway to each VPC. Remove the existing VPN connections that are attached directly to the virtual private gateways.
  • C. Create a transit gateway in each Region with multiple newly commissioned VPN connections from each data center. Share the transit gateways with each account by using AWS Resource Access Manager (AWS RAM). In each Region, attach the transit gateway to each VPRemove the existing VPN connections that are attached directly to the virtual private gateways.
  • D. Peer all the VPCs in each Region to a new VPC in each Region that will function as a centralized transit VPC. Create new VPN connections from each data center to the transit VPCs. Terminate the original VPN connections that are attached to all the original VPCs. Retain the new VPN connection to the new transit VPC in each Region.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by zaazanuna at March 18, 2023, 10:04 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
study_aws1
Highly Voted 1 year, 9 months ago
Option A) may be a stable solution considering other options, but will not be applicable to this scenario as a single Direct connect gateway can connect only upto 10 VPCs, where as the requirement states total 120 VPCs. This choice would have been applicable had Transit Gateway been introduced to the architecture with Transit VIF (not private VIF). As Transit gateway is a regional resource, a single transit gateway will not function cross-region. Hence, option C)
upvoted 14 times
zaazanuna
1 year, 9 months ago
Option C would involve creating a transit gateway in each region with multiple newly commissioned VPN connections from each data center, which would result in a high number of VPN tunnels. While AWS Transit Gateway is designed to handle multiple VPN connections, creating a separate transit gateway in each region would not be a scalable solution in the long term. Additionally, each AWS account has two VPCs in each region, so attaching a transit gateway to each VPC would result in a large number of VPC attachments, which would be difficult to manage. wrong?
upvoted 2 times
albertkr
1 year, 8 months ago
How do you address 1 DX GW max 10 VPC connections limitation if you still insist A is the correct answer?
upvoted 1 times
notwhoyouthink
1 year, 8 months ago
The question states there are 60 accounts with 2 vpc's per region. Answer A says 1 DX connection per account, so A would still be the answer.
upvoted 1 times
Neo00
1 year, 5 months ago
It doesn't say 1 DX per account neither in the question nor answer A
upvoted 1 times
...
...
...
...
...
Untamables
Highly Voted 1 year, 9 months ago
Selected Answer: C
C An AWS Transit Gateway provides the option of creating an IPsec VPN connection between your remote network and the Transit Gateway over the internet. A Transit Gateway is a regional resource. https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html You can use AWS Resource Access Manager (RAM) to share a transit gateway for VPC attachments across accounts or across your organization in AWS Organizations. That helps reducing the VPN connections. https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-share.html AWS Transit Gateway can scale up to 50 Gbps throughput aggregating multiple VPN tunnels. https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-quotas.html#bandwidth-quotas
upvoted 7 times
...
clphan
Most Recent 5 months, 1 week ago
A/ but https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html mention VPGs (VPCs) per DX GW is 20. The company have 120 VPCs spread across 3 region (40 per region) > 20 ... B/ TGW is regional. C/ cost for maintainance (manage tgw routing) but it's work. D/ Transitive routing is not available VPC peering (On-premise - AWS).
upvoted 1 times
...
Raphaello
9 months, 1 week ago
Selected Answer: C
There are 120 VPC's in each region. That being said, option A where a single Direct Connect gateway connect to all the VPCs via private VIF's (adnd VGW of course)..simply does not work. DxGW can only connect to 20 Virtual private gateways per AWS Direct Connect gateway. https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html Had it had TGW connected to DxGW, it would've been the best choice in terms of sufficient bandwidth. C is the answer.
upvoted 1 times
...
vikasj1in
11 months ago
Selected Answer: B
Simplifying Network Architecture: By using a single transit gateway, the company can centralize its VPN connections, reducing the complexity associated with managing multiple VPN tunnels directly attached to each VPC. Resilient Connectivity: The transit gateway can provide a more scalable and resilient solution for connectivity between AWS and the on-premises data centers. Sharing Resources with AWS RAM: Using AWS Resource Access Manager (AWS RAM) to share the transit gateway across accounts helps in maintaining a centralized and standardized architecture. Scalability: The transit gateway can handle the additional 2 Gbps of traffic per region and is designed to scale as traffic increases over time. This solution offers a more centralized and scalable approach, reducing management overhead and providing the flexibility needed for future growth.
upvoted 1 times
...
Marfee400704
11 months ago
I think that it's correct answer is C accoring to SPOTO products.
upvoted 1 times
...
marfee
11 months, 1 week ago
I think that it's correcty answer is C.
upvoted 1 times
...
sadovenk0
1 year, 1 month ago
I agree that A can't be used, because we have quotes - 20 VGW per 1 DX Gateway https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html but how we can handle the requirement of 2 Gbps output from aws to on-premise while we have throughput 500 Mbps (AWS VPN connectivity isn’t very scalable since VPN tunnels are limited to a maximum bandwidth of 1.25 Gbps)?
upvoted 2 times
seochan
7 months, 2 weeks ago
You can scale bandwidth up to 50Gbps using TGW thanks to the ECMP. https://aws.amazon.com/en/blogs/networking-and-content-delivery/scaling-vpn-throughput-using-aws-transit-gateway/
upvoted 1 times
...
...
Simili
1 year, 3 months ago
Transit gateway is a regional resource, therefore a single transit gateway can not work. Option C is the correct choice
upvoted 2 times
...
DeathFrmAbv
1 year, 5 months ago
While C is correct, D is also possible. In D the bandwidth will depend on the EC2 instance type you are choosing to run your VPN software
upvoted 1 times
evargasbrz
1 year, 4 months ago
I think D is not possible, as it says "Peer all the VPCs in each Region to a new VPC in each Region that will function as a centralized transit VPC.", so you have this limitation: "If VPC A has a VPN connection to a corporate network, resources in VPC B can't use the VPN connection to communicate with the corporate network." You can see all the limitations here: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations
upvoted 1 times
...
...
linuxek21
1 year, 9 months ago
Correct answer is C, B - calls for a single TGW but you cannot directly connect VPC from another region, you must have peering connection between TGWs
upvoted 1 times
...
ITgeek
1 year, 9 months ago
Selected Answer: B
Is the simplest
upvoted 1 times
Spaurito
2 months ago
You have to have TGW per region, can't do with a single TGW.
upvoted 1 times
...
...
titi_r
1 year, 9 months ago
Selected Answer: C
C - correct.
upvoted 3 times
...
zaazanuna
1 year, 9 months ago
Correction - A - correct.
upvoted 2 times
titi_r
1 year, 9 months ago
The limit for VGWs per DX gateway is 10 and cannot be increased. https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html Obviously, you cannot attach 120 VPCs to it, so A is wrong. Answer C is correct.
upvoted 1 times
...
...
flowers00
1 year, 9 months ago
A or C ?
upvoted 1 times
flowers00
1 year, 9 months ago
C: I think
upvoted 2 times
...
...
zaazanuna
1 year, 9 months ago
B - correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago