Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 375 discussion

ADE Option D: Create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network. Option E: During configuration of the replication servers, select the option to use private IP addresses for data replication. Option A: could be considered if the private subnets are used without the NAT gateways, ensuring internal-only network access

https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html (E) Data routing and throttling controls how data flows from the external server to the replication servers. If you choose not to use a private IP, your replication servers will be automatically assigned a public IP and data will flow over the public internet. Check "Use private IP for data replication". (F) On Default DRS launch settings, check "Copy private IP". This way all other servers can transparently reach the recovered server. (D) Architects could use VPN or AWS DC, but "...The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.", preferably use AWS Direct Connect.

Regarding Option A, I'm not sure why there should be at least 2 subnets in the VPC. When configuring the Elastic Disaster Recovery, you only need to choose 1 subnet as target area. Besides, NAT is not needed here. For Option F, you can choose "Copy private IP" to match source server's IP address, but this is not a must, it is an optional choice, you don't need to choose it to meet the question's requirement. I'm really confused

Those who picked A, why would you need the NAT gateways?!

I am super confused about A A says Virtual Private Gateway, which is for Site-to-Site VPNs. Why do we need this ???

replication traffic does not travel through the public internet. --> Not A must not be accessible from the internet --> Not B The company does not want this solution to consume all available network bandwidth --> not C, it requires D as dedicated network E and F during the Disaster Recovery step 3 and 4 as described as link below, https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html

We don't need to connect internet, why we need NAT gateway in A?

How about A,C,E? A. Create an intranet application and other application in a private subnet. Intranet applications connect to a private gateway(one). Other applications connect to the NAT gateway(one). Eliminates traffic interference. C. Site-to-Site VPN connect to private gateway. E. Replicates private IP.

A, D and E

Answer ADE

Answer ADE

DX is needed as it Provides a dedicated, private network connection that can be managed to avoid consuming all available network bandwidth

Not Option - A, I don't see the point of creating NAT gateways.

Answer - ACE VPC with 2 private subnets and 2 NAT gateways for application and replication traffic which has to be private Site to Site VPN - for secure connection between Onprem and Customer VPC so both replication and application traffic does not flow over public internet Choosing private IP address for replication.

I guess ADE

Creating a VPC with at least two public subnets and an internet gateway (Option B) would allow the application to be accessible from the internet, which is not a requirement. Creating an AWS Site-to-Site VPN connection (Option C) or an AWS Direct Connect connection (Option D) would allow the replication traffic to be routed through a private network, but these options are not required since Option A already provides a private network 1. answer AEF

ACE for sure