ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 735 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 735
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company's processing team has an AWS account with a production application. The application runs on Amazon EC2 instances behind a Network Load
Balancer (NLB). The EC2 instances are hosted in private subnets in a VPC in the eu-west-1 Region. The VPC was assigned the CIDR block of 10.0.0.0/16. The billing team recently created a new AWS account and deployed an application on EC2 instances that are hosted in private subnets in a VPC in the eu-central-1
Region. The new VPC is assigned the CIDR block of 10.0.0.0/16.
The processing application needs to securely communicate with the billing application over a proprietary TCP port.
What should a solutions architect do to meet this requirement with the LEAST amount of operational effort?

  • A. In the billing team's account, create a new VPC and subnets in eu-central-1 that use the CIDR block of 192.168.0.0/16. Redeploy the application to the new subnets. Configure a VPC peering connection between the two VPCs.
  • B. In the processing team's account, add an additional CIDR block of 192.168.0.0/16 to the VPC in eu-west-1. Restart each of the EC2 instances so that they obtain a new IP address. Configure an inter-Region VPC peering connection between the two VPCs.
  • C. In the billing team's account, create a new VPC and subnets in eu-west-1 that use the CIDR block of 192.168.0.0/16. Create a VPC endpoint service (AWS PrivateLink) in the processing team's account and an interface VPC endpoint in the new VPC. Configure an inter-Region VPC peering connection in the billing team's account between the two VPCs.
  • D. In each account, create a new VPC with the CIDR blocks of 192.168.0.0/16 and 172.16.0.0/16. Create inter-Region VPC peering connections between the billing team's VPCs and the processing team's VPCs. Create gateway VPC endpoints to allow traffic to route between the VPCs.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Jaypdv at April 30, 2021, 2:30 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Jaypdv
Highly Voted 3 years, 9 months ago
A. seems right
upvoted 13 times
...
AzureDP900
Highly Voted 3 years, 6 months ago
C is correct answer , This question is part of AWS official practice test.
upvoted 11 times
azkzmk
3 years, 4 months ago
You are right!
upvoted 1 times
...
...
mnsait
Most Recent 6 months, 4 weeks ago
Selected Answer: C
A: Can work, but certainly on the least amount of operational effort. Enigmaaaaaa has pointed this out. B: Not correct as Guoxian has put it - there are no EC2 running at this point to run the service C: Correct (much lesser operational overhead than A). Although to Viper57's points, I agree that there is no need for VPC peering, there is no need for a term like inter-region peering and yes, the billing account should create PrivateLink endpoint service and the processing application should use endpoint (they have reversed it in the question). Perhaps the real exam will have better, proof-read questions and as long as the concept is clearly understood, we should be ok to take up the exam. D: wrong, does not make sense.
upvoted 1 times
...
Jesuisleon
2 years, 1 month ago
Selected Answer: A
A is right and C is wrong. Viper57 has elaborated very well !
upvoted 3 times
vn_thanhtung
1 year, 10 months ago
A is right. Thank bro
upvoted 1 times
...
...
Guoxian
2 years, 10 months ago
This is very interesting. I would say B is less trouble than A because instead of creating a brand new VPC, AWS now allows to add additional CiDR. Since both solutions require re-deployment of the EC2. Then I would argue B is possibly a better option than A. I have also seen answers ticking C. Honestly, I am not sure if it will work because we will still need a sets of new EC2 in the new CiDR to run the service. At this point of time, there is no EC2 services in the new CiDR.
upvoted 2 times
...
Enigmaaaaaa
3 years ago
Selected Answer: C
For me its C. A - can work but its not MINIMUM amount of operational work for sure. Answer should be C without redeploying to whole solution - NLB is already configured, just need to create Service Endpoint and inter-region VPC since private link is a regional service and need to access it from another region. So C will do it - 1 service EP in another region + VPC inter-region peering to it https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 2 times
...
aandc
3 years ago
C: redeploy the application means operational work
upvoted 1 times
...
guillmichel
3 years, 4 months ago
A: redeploy the application -> operational work C: just declare the PrivateLink + Interface endpoint (using the existing NLB). Less work
upvoted 4 times
...
jyrajan69
3 years, 4 months ago
3 factors in this question, first it should be the least amount of effort, then there is the NLB and the need for secure connection. All of this can be achieved by A, no issues with NLB based on the followjng link (https://aws.amazon.com/about-aws/whats-new/2018/10/network-load-balancer-now-supports-inter-region-vpc-peering/). C is way more complicated and not required
upvoted 1 times
...
AzureDP900
3 years, 7 months ago
A seems right answer based on scenario.
upvoted 2 times
AzureDP900
3 years, 6 months ago
Changing my answer to C after attempting AWS official practice test
upvoted 2 times
...
...
Viper57
3 years, 8 months ago
It's weird that some people think its option C. Here are the reason that it is wrong - 1. If it is using a VPC endpoint, why is a peering connection necessary? It can directly connect to the application via the endpoint so the extra VPC and peering connection is an unnecessary step 2. 'Inter region peering' is enabled by default for all VPC peering connections so there is no special type of 'inter region peering' connection 3. The order is wrong. The processing account needs to access the billing application. So the VPC endpoint service should be created in the Billing teams account, and the interface endpoint created in the processing account as the service provider. A works and is much simpler.
upvoted 11 times
...
student22
3 years, 8 months ago
C --- Private Link
upvoted 2 times
...
nisoshabangu
3 years, 8 months ago
C for me, application is behind an NLB, best way to achieve this is Privatelinks.
upvoted 2 times
...
andylogan
3 years, 8 months ago
It's A
upvoted 1 times
...
Goram113
3 years, 8 months ago
https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/ - so I think this is C. In such approach you don't need to make any changes in application related to moving ec2 to non overlapping subnets.
upvoted 2 times
...
DerekKey
3 years, 8 months ago
You will need inter-region peering. A wrong - doesn't have it B wrong - will not work C correct - vpc inter-regon peering and VPC enpoint D wrong - doesn't make sense
upvoted 2 times
johnnsmith
3 years, 8 months ago
C doesn't work. The processing application needs to communicate with billing application. If the processing application is behind a endpoint. How can it communicate with billing application. Peering can be between any VPC. You don't need to create a special inter-region peering type.
upvoted 3 times
...
...
tgv
3 years, 8 months ago
AAA ---
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel