Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 835 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 835
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company has multiple AWS accounts as part of an organization created with AWS Organizations. Each account has a VPC in the us-east-2 Region and is used for either production or development workloads. Amazon EC2 instances across production accounts need to communicate with each other, and EC2 instances across development accounts need to communicate with each other, but production and development instances should not be able to communicate with each other.
To facilitate connectivity, the company created a common network account. The company used AWS Transit Gateway to create a transit gateway in the us-east-2
Region in the network account and shared the transit gateway with the entire organization by using AWS Resource Access Manager. Network administrators then attached VPCs in each account to the transit gateway, after which the EC2 instances were able to communicate across accounts. However, production and development accounts were also able to communicate with one another.
Which set of steps should a solutions architect take to ensure production traffic and development traffic are completely isolated?

  • A. Modify the security groups assigned to development EC2 instances to block traffic from production EC2 instances. Modify the security groups assigned to production EC2 instances to block traffic from development EC2 instances.
  • B. Create a tag on each VPC attachment with a value of either production or development, according to the type of account being attached. Using the Network Manager feature of AWS Transit Gateway, create policies that restrict traffic between VPCs based on the value of this tag.
  • C. Create separate route tables for production and development traffic. Delete each account's association and route propagation to the default AWS Transit Gateway route table. Attach development VPCs to the development AWS Transit Gateway route table and production VPCs to the production route table, and enable automatic route propagation on each attachment.
  • D. Create a tag on each VPC attachment with a value of either production or development, according to the type of account being attached. Modify the AWS Transit Gateway routing table to route production tagged attachments to one another and development tagged attachments to one another.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by shailurtm2001 at April 22, 2022, 9:15 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Bigbearcn
Highly Voted 2 years, 5 months ago
C is correct. attach different route table. https://aws.amazon.com/cn/blogs/architecture/field-notes-working-with-route-tables-in-aws-transit-gateway/
upvoted 6 times
...
evargasbrz
Most Recent 1 year, 9 months ago
Selected Answer: C
C is the correct answer https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html
upvoted 1 times
...
gnic
2 years, 1 month ago
Selected Answer: C
It's C https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html
upvoted 1 times
...
asfsdfsdf
2 years, 2 months ago
Selected Answer: C
C is the only correct way to fully segregate between VPCs (different route tables)
upvoted 3 times
...
tartarus23
2 years, 5 months ago
Selected Answer: C
C. The production and development route tables and VPC should be disassociated and configured separately using AWS transit gateway then route propagation enabled for the respective VPC attachments.
upvoted 2 times
...
shailurtm2001
2 years, 5 months ago
Should be C.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel