exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 811 discussion

A company is building an application on AWS. The application sends logs to an Amazon Elasticsearch Service (Amazon ES) cluster for analysis. All data must be stored within a VPC.
Some of the company's developers work from home. Other developers work from three different company office locations. The developers need to access
Amazon ES to analyze and visualize logs directly from their local development machines.
Which solution will meet these requirements?

  • A. Configure and set up an AWS Client VPN endpoint. Associate the Client VPN endpoint with a subnet in the VPC. Configure a Client VPN self-service portal. Instruct the developers to connect by using the client for Client VPN.
  • B. Create a transit gateway, and connect it to the VPC. Create an AWS Site-to-Site VPN. Create an attachment to the transit gateway. Instruct the developers to connect by using an OpenVPN client.
  • C. Create a transit gateway, and connect it to the VPC. Order an AWS Direct Connect connection. Set up a public VIF on the Direct Connect connection. Associate the public VIF with the transit gateway. Instruct the developers to connect to the Direct Connect connection
  • D. Create and configure a bastion host in a public subnet of the VPC. Configure the bastion host security group to allow SSH access from the company CIDR ranges. Instruct the developers to connect by using SSH.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
asfsdfsdf
2 years, 4 months ago
Selected Answer: A
Only A will work if users are working from home
upvoted 3 times
...
tkanmani76
2 years, 10 months ago
A - https://aws.amazon.com/premiumsupport/knowledge-center/client-vpn-associate-target-network/
upvoted 4 times
...
wahlbergusa
2 years, 10 months ago
Selected Answer: A
B - It is either On prem - TGW - VPC attachment OR On prem - VPN - VPC attachment. Would not make sense to do both in this scenario. Redundancy is not the focus here. Plus OpenVPN client will be used as a client to site solution by developers. Hence this option is WRONG. C - ElasticSearch is not a public service. Hence Public VIF will not help here. D - ElasticSearch is GUI based so SSH will not help here. Option A satisfies the criterias.
upvoted 4 times
wahlbergusa
2 years, 10 months ago
A slight correction on Option C. ElasticSearch actually is a public service. My vote is still on A since ordering a direct connect is certainly an overkill for this scenario.
upvoted 2 times
...
...
Smartphone
2 years, 11 months ago
A is the correct Answer.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...