Exam AWS Certified Solutions Architect - Professional topic 1 question 753 discussion

A - In correct. It will work, but there is cost for each transit gateway B - Correct. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/transit-gateway-vs-vpc-peering.html "Lower cost — With VPC peering you only pay for data transfer charges. Transit Gateway has an hourly charge per attachment in addition to the data transfer fees. " C - public VIFs is for public IP D - for transit gateways, you need transit VIFs, not private VIFs..

A is the only correct answer Why not B? 1) VPC peering edge to edge is not possible also its not trasetive with VPN / DC - how on-prem servers will be able to communicate with VPCs on another region? https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html#edge-to-edge-vgw 2) you cant associate VPCs to a direct connect GW only virtual private GW or transit GW https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html C - uses public VIFs cant be correct D - will not route traffic between regions as it uses private VIFs and not transit VIFs For A its documented architecture - Two DCs, Two VIFs, DX GW and inter-region transit peering, here: https://docs.aws.amazon.com/whitepapers/latest/hybrid-connectivity/aws-dx-dxgw-with-aws-transit-gateway-multi-regions-and-aws-public-peering.html

In B it states: "Associate each VPC with the Direct Connect gateway." you can't do that directly, you must use VGW. If this is implied, then B is of course the best.

its A https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-aws-transit-gateway.html

Can someone enlighted me for it seems for me that one private VIF mapped into one direct connect gateway, so "Create two private VIFs, and attach them to a single Direct Connect gateway" seems strange for me. I searched in the internet only find one direct connection support 50 private VIFs and 500 VPCs, but I didn't find the relationship between direct connection gateway and private VIF( not direct connection and private VIF )

For those who have selected B : This solution would be effective in allowing EC2 instances in each VPC to connect to each other using private IP addresses, and for the on-premises data center to connect to the VPCs using private IP addresses. However, this solution may not be the most cost-effective option, as the cost of the two private VIFs and the Direct Connect gateway can add up. Additionally, there may be additional latency when communicating between VPCs in different Regions due to the cross-Region peering. Option A is the right answer here The most cost-effective solution for this scenario is to create a transit gateway in each Region and connect all the VPCs to the transit gateways. You can then configure a Direct Connect connection to each transit gateway and route all the traffic between the VPCs through the transit gateways. This will allow all instances in the VPCs to connect to each other and to the on-premises data center by using private IP addresses, and it will minimize the overall cost of the solution.

I'll go with B - it's the most cost-effective solution comparing to A

Clearly B choice, most cost-effective

AWS Transit Gateway + transit VIF

you can ONLY associate a transit gateway or a virtual private gateway to the direct connect gateways, therefore B cannot be correct https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

B. Forum is right. This is a terrible question. I would go for a real-world environment. As an architect, I would always go for transit gateway because peering over peering got scalability issues.

B for cost-effective solution and it make use of DC gateway

Will go with B as well. We must use private VIFs for connectivity. https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/

Not enough VPCs for A to be correct, we're going for cost-efficiency.. B will work fine here.

B is the answer. cross-region vpc peering handles inter-vpc communication and 2 private VIFs are all thats needed for the ON-prem DC to the differnt VPC connections. 1 private VIF for 1 direct connect connection and the 2nd private VIF for the second DConnect connection. This is possible because we are using a DConnect gateway. with DC gateway, we just need a single private VIF for connectivity to multiple VPCs. Details Here: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/direct-connect.html

Answer is D. This question ask on Transit Gateway Association. https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

Seems option B has lowest cost. But there they have said to create only 2 Private VIFs. But there are total 4+2=6 VPCs in the two regions. So it require 6 private VIFs not 2. Otherwise option A is correct.