Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 42 discussion

A company is migrating its containerized application to AWS. For the architecture, the company will have an ingress VPC with a Network Load Balancer (NLB) to distribute the traffic to front-end pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The front end of the application will determine which user is requesting access and will send traffic to 1 of 10 services VPCs. Each services VPC will include an NLB that distributes traffic to the services pods in an EKS cluster.
The company is concerned about overall cost. User traffic will be responsible for more than 10 TB of data transfer from the ingress VPC to services VPCs every month. A network engineer needs to recommend how to design the communication between the VPCs.
Which solution will meet these requirements at the LOWEST cost?

  • A. Create a transit gateway. Peer each VPC to the transit gateway. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs.
  • B. Create an AWS PrivateLink endpoint in every Availability Zone in the ingress VPC. Each PrivateLink endpoint will point to the zonal DNS entry of the NLB in the services VPCs.
  • C. Create a VPC peering connection between the ingress VPC and each of the 10 services VPCs. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs.
  • D. Create a transit gateway. Peer each VPC to the transit gateway. Turn off cross-AZ load balancing on the transit gateway. Use Regional DNS names for the NLB in the services VPCs.
Suggested Answer: C

Comments

titi_r
Highly Voted 1 year, 9 months ago
Selected Answer: C
C - seems the right one. VPC peering offers the lowest overall cost when compared to other options for inter-VPC connectivity. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/vpc-to-vpc-connectivity.html There is no such thing as "TG peering"; there are VPC peering and TG attachments.
upvoted 13 times
seochan
6 months, 3 weeks ago
I agree that C is right, but TGW peering exists. https://docs.aws.amazon.com/vpc/latest/tgw/tgw-peering.html
upvoted 2 times
Spaurito
Most Recent 1 month, 2 weeks ago
C - the scenario states "each services VPC." VPC peering is more appropriate for costs.
upvoted 1 times
Raphaello
8 months, 3 weeks ago
Selected Answer: C
VPC peering is the lowest-cost option; additionally, VPC peering is for handling direct connectivity requirements, whereas AWS PrivateLink (service endpoint) handles API-style client-server connectivity. In this scenario, option C is the correct answer.
upvoted 1 times
marfee
10 months, 2 weeks ago
I think that the correct answer is C.
upvoted 1 times
Vogd
12 months ago
C - https://aws.amazon.com/about-aws/whats-new/2021/05/amazon-vpc-announces-pricing-change-for-vpc-peering/ PrivateLink is used to interconnect hundreds to thousands of VPCs. Peering is our use case scenario.
upvoted 1 times
cumzle_com
1 year ago
Selected Answer: B
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/access-container-applications-privately-on-amazon-eks-using-aws-privatelink-and-a-network-load-balancer.html
upvoted 1 times
Balasmaniam
1 year, 6 months ago
B is the correct answer.
upvoted 1 times
Training
1 year, 6 months ago
Should be B. https://aws.amazon.com/blogs/networking-and-content-delivery/implement-a-central-ingress-application-load-balancer-supporting-private-amazon-elastic-kubernetes-service-vpcs/
upvoted 2 times
tech4932943240
1 year, 7 months ago
C seems correct.
upvoted 1 times
Spike2020
1 year, 8 months ago
B is the least costly
upvoted 1 times
bcx
1 year, 5 months ago
B has PrivateLink processing charges. VPC peering is free as long as you stay within the same AZ.
upvoted 1 times
ITgeek
1 year, 8 months ago
Selected Answer: C
Considering cost, C is the ideal solution.
upvoted 4 times
awsguru1998
1 year, 8 months ago
B is correct. TG costs more, and there is no such thing as a VPC peer to TG.
upvoted 1 times
slackbot
1 year, 8 months ago
Mr. Guru, VPC endpoints are not free either. C is cheapest.
upvoted 1 times
devopsbro
1 year, 9 months ago
Though a transit gateway works here, it comes with a running cost per hour plus data transfer costs. VPC peering itself comes free of cost; you only need to pay the data transfer cost. So I think VPC peering is the most cost-effective option.
upvoted 2 times
study_aws1
1 year, 9 months ago
A VPC cannot be peered but attached to a transit gateway (it can be either VPC peering or transit gateway peering). Additionally, a transit gateway has its own cost, including the hourly cost of the attachment plus data transfer. PrivateLink resolves the cost problem of a high volume of data transfer and is an easy way for the ingress VPC to route traffic based on the endpoint service exposed. Also, minimizing cross-AZ traffic by using zonal DNS names for the NLB is addressed in this scenario. It should be option B.
upvoted 4 times
study_aws1
1 year, 8 months ago
After careful review, changed to C, considering cost. With a PrivateLink endpoint in each AZ in the ingress VPC, it would come to 30 zonal endpoints with 3 AZs - not effective from a cost consideration.
upvoted 3 times
zaazanuna
1 year, 9 months ago
While AWS PrivateLink provides private connectivity between VPCs, it is generally more expensive than VPC peering, especially when dealing with a large amount of data transfer, such as the 10 TB mentioned in the question.
upvoted 1 times
helloworldabc
1 year, 9 months ago
AAAAAAAAAAAA
upvoted 1 times
zaazanuna
1 year, 9 months ago
A - correct. Option A is the most cost-effective solution because it allows the company to minimize cross-AZ traffic by using zonal DNS names for the NLB in the services VPCs. This will help to reduce data transfer costs. Additionally, by using a transit gateway, the company can easily peer each VPC to the transit gateway and manage the traffic flow between them.
upvoted 1 times