Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 832 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 832
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets.
A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deployed a NAT gateway in an egress VPC in a central AWS account.
Which set of additional steps should the solutions architect take to meet these requirements?

  • A. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
  • B. Create a transit gateway, and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
  • C. Create a transit gateway in every account. Attach the NAT gateway to the transit gateways. Configure the required routing to allow access to the internet.
  • D. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by shailurtm2001 at April 22, 2022, 8:26 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
shailurtm2001
Highly Voted 2 years, 5 months ago
B correct https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-egress-to-internet.html
upvoted 5 times
...
ajchi1980
Most Recent 1 year, 3 months ago
Selected Answer: B
Option A (creating peering connections): Peering connections allow connectivity between VPCs but do not provide the ability to route internet traffic through a central egress VPC. Option B (creating a transit gateway): This is the correct approach for implementing a hub-and-spoke design. By creating a transit gateway and sharing it with the existing AWS accounts, the spoke VPCs can be attached to the transit gateway. Routing can be configured to direct all internet-bound traffic from the spoke VPCs to the egress VPC with the NAT gateway. Option C (creating a transit gateway in every account): While it is possible to create a transit gateway in every account, it would result in unnecessary complexity and management overhead. It is more efficient to have a single transit gateway shared across accounts. Option D (creating an AWS PrivateLink connection): AWS PrivateLink is used for private connectivity between VPCs and AWS services, and it does not provide the ability to route internet traffic through an egress VPC.
upvoted 1 times
...
pixepe
2 years ago
B, Architecture diagram with sequence number for outbound flow (via egress vpc) - https://d1.awsstatic.com/architecture-diagrams/ArchitectureDiagrams/NAT-gateway-centralized-egress-ra.pdf?did=wp_card&trk=wp_card
upvoted 1 times
...
Ni_yot
2 years, 1 month ago
B. Yes is correct ans
upvoted 1 times
...
asfsdfsdf
2 years, 2 months ago
Selected Answer: B
B is the only correct one since peering is limited to 125
upvoted 4 times
...
TechX
2 years, 3 months ago
Selected Answer: B
it's B
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel