Exam AWS Certified Solutions Architect - Professional topic 1 question 735 discussion

A company's processing team has an AWS account with a production application. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are hosted in private subnets in a VPC in the eu-west-1 Region. The VPC was assigned the CIDR block of 10.0.0.0/16. The billing team recently created a new AWS account and deployed an application on EC2 instances that are hosted in private subnets in a VPC in the eu-central-1 Region. The new VPC is assigned the CIDR block of 10.0.0.0/16.
The processing application needs to securely communicate with the billing application over a proprietary TCP port.
What should a solutions architect do to meet this requirement with the LEAST amount of operational effort?

  • A. In the billing team's account, create a new VPC and subnets in eu-central-1 that use the CIDR block of 192.168.0.0/16. Redeploy the application to the new subnets. Configure a VPC peering connection between the two VPCs.
  • B. In the processing team's account, add an additional CIDR block of 192.168.0.0/16 to the VPC in eu-west-1. Restart each of the EC2 instances so that they obtain a new IP address. Configure an inter-Region VPC peering connection between the two VPCs.
  • C. In the billing team's account, create a new VPC and subnets in eu-west-1 that use the CIDR block of 192.168.0.0/16. Create a VPC endpoint service (AWS PrivateLink) in the processing team's account and an interface VPC endpoint in the new VPC. Configure an inter-Region VPC peering connection in the billing team's account between the two VPCs.
  • D. In each account, create a new VPC with the CIDR blocks of 192.168.0.0/16 and 172.16.0.0/16. Create inter-Region VPC peering connections between the billing team's VPCs and the processing team's VPCs. Create gateway VPC endpoints to allow traffic to route between the VPCs.
Suggested Answer: A
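
An added example, not part of the original question or of any comment below: VPC peering is refused when any IPv4 CIDR block of one VPC overlaps any block of the other, secondary blocks included, so the address plans in the question can be checked before anything is deployed. The CIDR values come from the question text; the function and variable names are made up for this illustration.

```python
import ipaddress
from itertools import product


def peering_conflicts(vpc_a, vpc_b):
    """Return every (a, b) pair of CIDR blocks that overlap between two VPCs.

    Each argument is the complete list of IPv4 CIDR blocks associated with a
    VPC (primary plus any secondary blocks). One overlapping pair is enough
    for a peering request to be rejected, so an empty list means the two
    address plans are compatible.
    """
    nets_a = [ipaddress.ip_network(c) for c in vpc_a]
    nets_b = [ipaddress.ip_network(c) for c in vpc_b]
    return [(str(a), str(b)) for a, b in product(nets_a, nets_b) if a.overlaps(b)]


def can_peer(vpc_a, vpc_b):
    """True when no block of one VPC overlaps any block of the other."""
    return not peering_conflicts(vpc_a, vpc_b)


# Address plans as stated in the question.
PROCESSING = ["10.0.0.0/16"]   # eu-west-1, existing
BILLING = ["10.0.0.0/16"]      # eu-central-1, existing

# Plans after the changes described in options A and B.
BILLING_NEW_VPC = ["192.168.0.0/16"]                      # A: new billing VPC
PROCESSING_SECONDARY = ["10.0.0.0/16", "192.168.0.0/16"]  # B: secondary block added

SCENARIOS = {
    "as deployed": (PROCESSING, BILLING),
    "option A plan": (PROCESSING, BILLING_NEW_VPC),
    "option B plan": (PROCESSING_SECONDARY, BILLING),
}


def report():
    """Map each scenario name to its list of conflicting CIDR pairs."""
    return {name: peering_conflicts(a, b) for name, (a, b) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, conflicts in report().items():
        print(f"{name}: {'peerable' if not conflicts else conflicts}")
```

Adding a secondary block does not remove the primary block from the comparison, which is why the option B plan still reports the 10.0.0.0/16 conflict.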

Comments

Jaypdv
Highly Voted 3 years, 2 months ago
A. seems right
upvoted 13 times
...
AzureDP900
Highly Voted 2 years, 11 months ago
C is correct answer. This question is part of AWS official practice test.
upvoted 11 times
azkzmk
2 years, 9 months ago
You are right!
upvoted 1 times
...
...
Jesuisleon
Most Recent 1 year, 6 months ago
Selected Answer: A
A is right and C is wrong. Viper57 has elaborated very well!
upvoted 3 times
vn_thanhtung
1 year, 3 months ago
A is right. Thanks bro
upvoted 1 times
...
...
Guoxian
2 years, 2 months ago
This is very interesting. I would say B is less trouble than A because instead of creating a brand new VPC, AWS now allows adding an additional CIDR. Since both solutions require re-deployment of the EC2, I would argue B is possibly a better option than A. I have also seen answers ticking C. Honestly, I am not sure if it will work because we will still need a set of new EC2 in the new CIDR to run the service. At this point in time, there are no EC2 services in the new CIDR.
upvoted 2 times
...
Enigmaaaaaa
2 years, 4 months ago
Selected Answer: C
For me it's C. A - can work but it's not MINIMUM amount of operational work for sure. Answer should be C without redeploying the whole solution - NLB is already configured, just need to create Service Endpoint and inter-region VPC since PrivateLink is a regional service and need to access it from another region. So C will do it - 1 service EP in another region + VPC inter-region peering to it https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 2 times
...
aandc
2 years, 5 months ago
C: redeploy the application means operational work
upvoted 1 times
...
guillmichel
2 years, 9 months ago
A: redeploy the application -> operational work
C: just declare the PrivateLink + Interface endpoint (using the existing NLB). Less work
upvoted 4 times
...
jyrajan69
2 years, 9 months ago
3 factors in this question: first it should be the least amount of effort, then there is the NLB and the need for secure connection. All of this can be achieved by A, no issues with NLB based on the following link (https://aws.amazon.com/about-aws/whats-new/2018/10/network-load-balancer-now-supports-inter-region-vpc-peering/). C is way more complicated and not required
upvoted 1 times
...
AzureDP900
2 years, 12 months ago
A seems right answer based on scenario.
upvoted 2 times
AzureDP900
2 years, 11 months ago
Changing my answer to C after attempting AWS official practice test
upvoted 1 times
...
...
Viper57
3 years, 1 month ago
It's weird that some people think it's option C. Here are the reasons that it is wrong:
1. If it is using a VPC endpoint, why is a peering connection necessary? It can directly connect to the application via the endpoint so the extra VPC and peering connection is an unnecessary step.
2. 'Inter region peering' is enabled by default for all VPC peering connections so there is no special type of 'inter region peering' connection.
3. The order is wrong. The processing account needs to access the billing application. So the VPC endpoint service should be created in the billing team's account, and the interface endpoint created in the processing account as the service provider.
A works and is much simpler.
upvoted 11 times
...
student22
3 years, 1 month ago
C --- Private Link
upvoted 2 times
...
nisoshabangu
3 years, 1 month ago
C for me, application is behind an NLB, best way to achieve this is Privatelinks.
upvoted 2 times
...
andylogan
3 years, 1 month ago
It's A
upvoted 1 times
...
Goram113
3 years, 1 month ago
https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/ - so I think this is C. In such an approach you don't need to make any changes in the application related to moving EC2 to non-overlapping subnets.
upvoted 2 times
...
DerekKey
3 years, 1 month ago
You will need inter-region peering.
A wrong - doesn't have it
B wrong - will not work
C correct - VPC inter-region peering and VPC endpoint
D wrong - doesn't make sense
upvoted 2 times
johnnsmith
3 years, 1 month ago
C doesn't work. The processing application needs to communicate with the billing application. If the processing application is behind an endpoint, how can it communicate with the billing application? Peering can be between any VPC. You don't need to create a special inter-region peering type.
upvoted 3 times
...
...
tgv
3 years, 1 month ago
AAA ---
upvoted 1 times
...
Suresh108
3 years, 1 month ago
I see many selected option "A". Question has eu-west-1 where answer A below has eu-central-1. Did anyone notice?
upvoted 2 times
Suresh108
3 years, 1 month ago
Disregard. Misread first. Going with AAAA
upvoted 2 times
Suresh108
2 years, 11 months ago
After reading this again and again, going for CCCCCC https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other