
Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 463 discussion

A company has many services running in its on-premises data center. The data center is connected to AWS using AWS Direct Connect (DX) and an IPSec VPN. The service data is sensitive and connectivity cannot traverse the internet. The company wants to expand into a new market segment and begin offering its services to other companies that are using AWS.

Which solution will meet these requirements?

  • A. Create a VPC Endpoint Service that accepts TCP traffic, host it behind a Network Load Balancer, and make the service available over DX.
  • B. Create a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind an Application Load Balancer, and make the service available over DX.
  • C. Attach an internet gateway to the VPC, and ensure that network access control and security group rules allow the relevant inbound and outbound traffic.
  • D. Attach a NAT gateway to the VPC, and ensure that network access control and security group rules allow the relevant inbound and outbound traffic.
Suggested Answer: A

Comments

backbencher2022
2 weeks, 6 days ago
Selected Answer: A
A is the correct option. There is no direct support for ALB with Private Link / VPC Endpoint service. ALB can be a target group for NLB so, we can use ALB with NLB but not ALB directly. Check this page for more details - https://aws.amazon.com/about-aws/whats-new/2021/09/application-load-balancer-aws-privatelink-static-ip-addresses-network-load-balancer/
upvoted 1 times
asquared16
3 weeks, 5 days ago
What do we know that makes B not a valid answer? It feels like the question is missing something.
upvoted 1 times
kgpoj
1 day, 13 hours ago
VPC Endpoint doesn't directly work with ALB, so B is wrong
upvoted 1 times
gfhbox0083
2 months ago
A, for sure. Connectivity cannot traverse the internet
upvoted 2 times
trungtd
3 months, 2 weeks ago
Selected Answer: A
A, VPC endpoint used with NLB
upvoted 2 times
VerRi
5 months, 2 weeks ago
Selected Answer: A
VPC endpoint + NLB = PrivateLink
upvoted 2 times
yog927
5 months, 3 weeks ago
Selected Answer: A
A, VPC endpoint used with NLB
upvoted 1 times
pangchn
5 months, 3 weeks ago
Selected Answer: A
A. This is a PrivateLink scenario. I can't find hard evidence, but PrivateLink seems to work only with NLB. If ALB is needed, it will be PrivateLink -> NLB -> ALB. One piece of evidence is the link lasithasilva709 posted; another is the comparison of ALB/NLB: https://aws.amazon.com/elasticloadbalancing/features/?nc=sn&loc=2&dn=1 A third piece of evidence: https://aws.amazon.com/about-aws/whats-new/2021/09/application-load-balancer-aws-privatelink-static-ip-addresses-network-load-balancer/
upvoted 4 times
pangchn
5 months, 1 week ago
Also, the question only mentions services but doesn't mention a port, where TCP (NLB) can cover all ports but HTTP/HTTPS (ALB) is restricted.
upvoted 1 times
lasithasilva709
5 months, 3 weeks ago
Selected Answer: A
My understanding is that NLB should be used for a VPC endpoint service. Here are some resources: 1. To use AWS PrivateLink, create a Network Load Balancer for your application in your VPC, and create a VPC endpoint service configuration pointing to that load balancer. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/aws-privatelink.html 2. https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/
upvoted 1 times
AWSPro1234
5 months, 3 weeks ago
Answer is A. "Many services" is a keyword; option B is for HTTP and HTTPS.
upvoted 2 times
Dgix
5 months, 4 weeks ago
Selected Answer: B
B is just as safe as A — TCP is not inherently safer. However, HTTPS and HTTP are much more commonly used when providing services to other companies. As we don't have any information as to the nature of the service, a safer bet (pun intended) is B.
upvoted 2 times
CMMC
6 months ago
Selected Answer: A
#C & #D are out given the connectivity cannot traverse the internet. #A enables secure VPC endpoint to privately expose to other companies' VPCs without traversing the internet, and TCP to provide more controlled and secure comm protocol for sensitive data
upvoted 2 times
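
The setup several comments describe (PrivateLink endpoint service fronted by an internal NLB, with the on-premises service reached over DX as an IP target), sketched as a CloudFormation template. This is an added example, not part of the original thread; the parameter names, IP address, port and account ID are constructed placeholders.

```yaml
# Added example. All IDs, addresses, ports and account numbers are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  OnPremServiceIp:
    Type: String
    Default: 10.50.0.10            # constructed on-premises address, routed over DX
  ServicePort:
    Type: Number
    Default: 8443                  # constructed port
  ConsumerPrincipalArn:
    Type: String
    Default: arn:aws:iam::111122223333:root   # constructed consumer account
Resources:
  ServiceNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network                # endpoint services attach to an NLB, not an ALB
      Scheme: internal             # no public addresses, nothing internet-facing
      Subnets: !Ref PrivateSubnetIds
  OnPremTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: !Ref ServicePort
      TargetType: ip
      Targets:
        - Id: !Ref OnPremServiceIp
          Port: !Ref ServicePort
          AvailabilityZone: all    # required for IP targets outside the VPC
  TcpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ServiceNlb
      Port: !Ref ServicePort
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref OnPremTargets
  EndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      NetworkLoadBalancerArns:
        - !Ref ServiceNlb
      AcceptanceRequired: true     # each consumer connection must be approved
```

To limit who can even request a connection, pair the service with an `AWS::EC2::VPCEndpointServicePermissions` resource whose `AllowedPrincipals` lists `ConsumerPrincipalArn`.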