Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 198 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02

Question #: 198
Topic #: 1

[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is building a hybrid environment that includes servers in an on-premises data center and in the AWS Cloud. The company has deployed Amazon EC2 instances in three VPCs. Each VPC is in a different AWS Region. The company has established an AWS Direct. Connect connection to the data center from the Region that is closest to the data center.

The company needs the servers in the on-premises data center to have access to the EC2 instances in all three VPCs. The servers in the on-premises data center also must have access to AWS public services.

Which combination of steps will meet these requirements with the LEAST cost? (Choose two.)

A. Create a Direct Connect gateway in the Region that is closest to the data center. Attach the Direct Connect connection to the Direct Connect gateway. Use the Direct Connect gateway to connect the VPCs in the other two Regions.
B. Set up additional Direct Connect connections from the on-premises data center to the other two Regions.
C. Create a private VIF. Establish an AWS Site-to-Site VPN connection over the private VIF to the VPCs in the other two Regions.
D. Create a public VIF. Establish an AWS Site-to-Site VPN connection over the public VIF to the VPCs in the other two Regions.
E. Use VPC peering to establish a connection between the VPCs across the Regions Create a private VIF with the existing Direct Connect connection to connect to the peered VPCs.

Show Suggested Answer

Suggested Answer: AD 🗳️

by Roontha at May 27, 2023, 5:24 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

cmoreira

Highly Voted 1 year, 10 months ago

Selected Answer: AD

There is no correct answer. NONE. A.Direct Connect gateway are global. You dont create them in a "region" B. Not needed, since you have DX-GW. C. Cant establish site-to-site VPN over private VIF. You do it over public or transit (recommended). D. Yes, should use private VIF, but for access to AWS public resources, not the other VPCs. E. VPC peering wont allow Onprem to access other VPCs via peering. Best Answer is DX-Gateway AND Public VIF (A and D). However they're both wrong. https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

upvoted 25 times

GabrielShiao

5 months, 2 weeks ago

Vote D. You can access the AWS public resources if you create a public VIF well. By setting the AWS site-to-set VPN, one of AWS's public resources, you can leverage this VPN to connect to the multiple VPC accordingly.

upvoted 1 times

...

2 years ago

a-d-a-d-a-d-a-d

upvoted 1 times

...

Jesuisleon

2 years, 1 month ago

Agree Roontha. For E, "Create a private VIF with the existing Direct Connect connection to connect to the peered VPCs" is wrong. private VIF can only connect to the vpc which is in the same region with direct connection, you can't extend private VIF to the VPCs in other 2 regions.

upvoted 5 times

...

rbm2023

2 years, 1 month ago

Selected Answer: AD

agree with A and D tks to Roontha

upvoted 3 times

...

andreitugui

2 years, 1 month ago

Selected Answer: AD

Answer is A,D

upvoted 1 times

...