Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 440 discussion

A software as a service (SaaS) company provides a media software solution to customers. The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts. One of the VPCs is designated as a management VPC. The compute resources in the VPCs work independently.

The company has developed a new feature that requires all 50 VPCs to be able to communicate with each other. The new feature also requires one-way access from each customer's VPC to the company's management VPC. The management VPC hosts a compute resource that validates licenses for the media software solution.

The number of VPCs that the company will use to host the solution will continue to increase as the solution grows.

Which combination of steps will provide the required VPC connectivity with the LEAST operational overhead? (Choose two.)

  • A. Create a transit gateway. Attach all the company's VPCs and relevant subnets to the transit gateway.
  • B. Create VPC peering connections between all the company's VPCs.
  • C. Create a Network Load Balancer (NLB) that points to the compute resource for license validation. Create an AWS PrivateLink endpoint service that is available to each customer's VPC. Associate the endpoint service with the NLB.
  • D. Create a VPN appliance in each customer's VPC. Connect the company's management VPC to each customer's VPC by using AWS Site-to-Site VPN.
  • E. Create a VPC peering connection between the company's management VPC and each customer's VPC.
Suggested Answer: AC

Comments

Spike2020
4 months, 4 weeks ago
Selected Answer: BC
PrivateLink for the customers and VPC peering for company VPCs. Transit gateway is only a regional construct.
upvoted 2 times
...
nimbus_00
5 months ago
Selected Answer: AC
AWS PrivateLink now supports cross-region connectivity https://aws.amazon.com/about-aws/whats-new/2024/11/aws-privatelink-across-region-connectivity/
upvoted 1 times
...
0b43291
5 months, 2 weeks ago
Selected Answer: AC
A. Create a transit gateway. Attach all the company's VPCs to it, establishing a mesh network where VPCs can communicate. This provides a scalable way to manage VPC connectivity, reducing operational overhead compared to VPC peering.

C. Create a Network Load Balancer (NLB) for the license validation compute resource. Create an AWS PrivateLink endpoint service associated with the NLB, available to each customer's VPC. This provides one-way access from customer VPCs to the management VPC for license validation, without internet gateways, NAT gateways, or VPNs. It simplifies network configuration and reduces operational overhead.
upvoted 1 times
...
JoeTromundo
6 months, 2 weeks ago
Selected Answer: AC
AWS Transit Gateway supports peering between transit gateways in different regions. This means that you can connect a Transit Gateway in one region to another Transit Gateway in a different region. This feature is known as Transit Gateway Peering (not VPC peering). AWS Transit Gateway also allows you to associate VPCs from different AWS accounts to the same transit gateway using AWS Resource Access Manager (RAM).
upvoted 2 times
...
helloworldabc
8 months, 2 weeks ago
AAAAAAAAAAACCCCCCCCC
upvoted 2 times
...
ca5e9ba
11 months, 1 week ago
AC; AWS Transit Gateway allows you to connect resources across different AWS regions. Here's how you can achieve this:
  • Create Transit Gateways: Begin by creating Transit Gateways in the respective regions where you want to establish peering. Ensure that the necessary VPCs are attached to each Transit Gateway.
  • Enable Peering: Navigate to the AWS Management Console and select the Transit Gateway service. Initiate the peering connection between the two Transit Gateways in different regions.
  • Update Route Tables: Configure the route tables associated with each Transit Gateway to allow traffic between the regions.
  • Security Groups and Network ACLs: Adjust security groups and network ACLs to permit the necessary traffic flow.
  • Connectivity Testing: Verify connectivity by testing communication between resources in different regions.
upvoted 4 times
...
teo2157
11 months, 1 week ago
Selected Answer: BC
As titi_r explained
upvoted 1 times
...
titi_r
1 year ago
Selected Answer: BC
B – Correct, even though it will be a routing madness. The default VPC peering quota is 50, but increasable after request to 125. So, the company will be able to peer its 50 VPCs, but it must request a quota increase for a higher number - that's not mentioned in the answer. And also what's happening when/if they require more than 125 VPCs at one point? https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-connection-quotas.html

C – Correct. The PrivateLink endpoint service will provide one-way access from each customer's VPC to the company's management VPC. https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/use-case-examples.html
upvoted 2 times
_Jassybanga_
8 months ago
"The number of VPCs that the company will use to host the solution will continue to increase as the solution grows" - it can go beyond 125 as well
upvoted 2 times
...
helloworldabc
8 months, 2 weeks ago
Creating a transit gateway peering allows VPCs in different regions to connect.
upvoted 2 times
...
titi_r
1 year ago
A – Incorrect. It's not possible to attach a VPC from one Region to a TGW in another Region. You can only attach a VPC to a TGW in the same Region; additionally you can peer that TGW with another one, located in a different Region. https://content.cloudthat.com/resources/wp-content/uploads/2022/11/Picture220.png
upvoted 3 times
backbencher2022
8 months ago
Transit Gateway allows both inter-region and intra-region VPC peering as per this AWS document - https://docs.aws.amazon.com/vpc/latest/tgw/tgw-peering.html#:~:text=AWS%20Region%20considerations-,Transit%20gateway%20peering%20attachments%20in%20Amazon%20VPC%20Transit%20Gateways,and%20specify%20a%20transit%20gateway.
upvoted 3 times
...
titi_r
1 year ago
D – Incorrect. Unknown if even possible, but more COMPLEX than answer "B" anyway. The default Site-to-Site VPN connections per VGW quota is only 10 (it's increasable, but the actual limit is not stated in the AWS documentation), however the company will need more than 50 and this sounds unrealistic. The default Site-to-Site VPN connections per Region quota is 50 – it will also require a request for quota increase. https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-limits.html

E – Incorrect. In this case customer VPCs will not be able to communicate with each other, but only with the management VPC.
upvoted 1 times
...
...
...
trap
1 year ago
It SHOULD be transit gateway but it isn't. The VPCs are hosted in several accounts and regions. You can't attach all VPCs in one transit gateway. You need several peered transit gws per region which is not the case here. Correct: B,C
upvoted 4 times
trap
1 year ago
Actually you need a transit gw per VPC region and they must be peered...... Very tricky question... Correct: B,C
upvoted 3 times
...
...
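Added example, not part of the thread or of any commenter's post: a small planner that compares the two designs argued over above as the fleet grows, using the per-VPC peering quota figures quoted in the comments (default 50, raisable to 125). The Region list, account IDs, round-robin inventory and the single TGW-owning account are constructed assumptions.

```python
from collections import Counter

# Per-VPC active peering quota as quoted in the thread (default 50, raisable to 125).
PEERING_DEFAULT, PEERING_MAX = 50, 125

def full_mesh_peering(n_vpcs):
    """Option B: every VPC holds a peering connection to every other VPC."""
    per_vpc = n_vpcs - 1
    if per_vpc <= PEERING_DEFAULT:
        quota = "within default quota"
    elif per_vpc <= PEERING_MAX:
        quota = "needs quota increase"
    else:
        quota = "exceeds maximum quota"
    return {"connections": n_vpcs * per_vpc // 2, "per_vpc": per_vpc, "quota": quota}

def regional_tgw_mesh(vpcs, tgw_owner):
    """Option A as refined in the comments: one TGW per Region, TGWs peered."""
    regions = Counter(region for region, _ in vpcs)
    r = len(regions)
    # VPCs owned by other accounts attach through a TGW shared via AWS RAM.
    cross_account = sum(1 for _, account in vpcs if account != tgw_owner)
    return {
        "transit_gateways": r,
        "tgw_peerings": r * (r - 1) // 2,   # full mesh between regional TGWs
        "vpc_attachments": len(vpcs),        # one attachment per VPC
        "cross_account_attachments": cross_account,
    }

def sample_fleet(n_vpcs, regions, accounts):
    """Constructed inventory: VPCs spread round-robin over Regions and accounts."""
    return [(regions[i % len(regions)], accounts[i % len(accounts)])
            for i in range(n_vpcs)]

REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-1", "sa-east-1"]  # constructed
ACCOUNTS = ["111111111111", "222222222222", "333333333333"]          # placeholders

if __name__ == "__main__":
    for n in (50, 51, 52, 126, 127):
        fleet = sample_fleet(n, REGIONS, ACCOUNTS)
        print(n, full_mesh_peering(n), regional_tgw_mesh(fleet, ACCOUNTS[0]))
```

Adding a VPC to the full mesh adds one connection per existing VPC plus route entries on both sides, while the regional TGW design adds a single attachment.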
Russs99
1 year ago
Selected Answer: AE
NLB and PrivateLink offer benefits, they are overkill for this scenario. NLB is for distributing traffic across multiple instances, which isn't necessary here. PrivateLink creates a private connection for a service within a VPC, but it's a more complex solution than a simple peering connection for the management VPC.
upvoted 1 times
...
career360guru
1 year, 1 month ago
Selected Answer: AC
A and C
upvoted 2 times
...
arberod
1 year, 2 months ago
Selected Answer: AC
answer AC
upvoted 3 times
...
kejam
1 year, 2 months ago
Selected Answer: AC
Answer AC: Transit Gateway and Private Link for the WIN!
upvoted 3 times
...
alexis123456
1 year, 2 months ago
Correct Answer A and C
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other