Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 375 discussion

ADE Option D: Create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network. Option E: During configuration of the replication servers, select the option to use private IP addresses for data replication. Option A: could be considered if the private subnets are used without the NAT gateways, ensuring internal-only network access

https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html (E) Data routing and throttling controls how data flows from the external server to the replication servers. If you choose not to use a private IP, your replication servers will be automatically assigned a public IP and data will flow over the public internet. Check "Use private IP for data replication". (F) On Default DRS launch settings, check "Copy private IP". This way all other servers can transparently reach the recovered server. (D) Architects could use VPN or AWS DC, but "...The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.", preferably use AWS Direct Connect.

C - This ensures that replication traffic does not travel over the public internet, meeting the security requirement. D- Direct Connect provides a dedicated, high-bandwidth, and lower-latency connection to AWS, ensuring replication traffic does not consume all available internet bandwidth. E- Ensures that replication occurs over private connectivity rather than the public internet, aligning with the security requirement.

By following these steps, you can meet the requirements of configuring a cloud backup of the on-premises intranet application using AWS Elastic Disaster Recovery, ensuring that replication traffic does not travel through the public internet, preventing the application from being accessible from the internet (since it's deployed in private subnets), and not consuming all available network bandwidth (since you're using a dedicated Direct Connect connection).

> By default, data is sent from the source servers to the replication servers over the public internet, using the public IP that was automatically assigned to the replication servers. Transferred data is always encrypted in transit. > Choose the box to the left of the Use private IP for data replication... option if you want to route the replicated data from your source servers to the staging area subnet through a private network with a VPN, AWS Direct Connect, VPC peering, or another type of existing private connection.

Why it cannot be the following: • A. Create a VPC that has at least two private subnets, two NAT gateways, and a virtual private gateway. - NAT Gateway not necessary • B. Create a VPC that has at least two public subnets, a virtual private gateway, and an internet gateway. - IGW not required • C. Create an AWS Site-to-Site VPN connection between the on-premises network and the target AWS network. - You need bandwidth so that teh solution does not impact other applications

Direct Connect is an overkill for such a solution. You cant set it all up just to do DR.

Regarding Option A, I'm not sure why there should be at least 2 subnets in the VPC. When configuring the Elastic Disaster Recovery, you only need to choose 1 subnet as target area. Besides, NAT is not needed here. For Option F, you can choose "Copy private IP" to match source server's IP address, but this is not a must, it is an optional choice, you don't need to choose it to meet the question's requirement. I'm really confused

Those who picked A, why would you need the NAT gateways?!

I am super confused about A A says Virtual Private Gateway, which is for Site-to-Site VPNs. Why do we need this ???

replication traffic does not travel through the public internet. --> Not A must not be accessible from the internet --> Not B The company does not want this solution to consume all available network bandwidth --> not C, it requires D as dedicated network E and F during the Disaster Recovery step 3 and 4 as described as link below, https://docs.aws.amazon.com/drs/latest/userguide/quick-start-guide-gs.html

We don't need to connect internet, why we need NAT gateway in A?

How about A,C,E? A. Create an intranet application and other application in a private subnet. Intranet applications connect to a private gateway(one). Other applications connect to the NAT gateway(one). Eliminates traffic interference. C. Site-to-Site VPN connect to private gateway. E. Replicates private IP.

A, D and E

Answer ADE

Answer ADE

DX is needed as it Provides a dedicated, private network connection that can be managed to avoid consuming all available network bandwidth