Exam AWS Certified SysOps Administrator - Associate topic 1 question 72 discussion

A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2 instances in eu-central-1 are unable to connect to the database in us-east-1.
What is the MOST operationally efficient solution that will resolve this connectivity issue?

  • A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.
  • B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.
  • C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.
  • D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.
Suggested Answer: A

Comments

princajen
Highly Voted 1 year, 7 months ago
Selected Answer: A
Correct answer is A! VPN options are out of the question. We are left with add the IP address or a security group rule, but since you cannot create a security group rule that references a peer VPC security group, then the answer is clearly A.
upvoted 8 times
rod1234
1 year, 6 months ago
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
upvoted 1 times
pablo23449
1 year, 6 months ago
yes, you can use SGs from peering VPNs but since it says to use in outbound the choice is A.
upvoted 4 times
caputmundi666
1 year ago
VPC and SG are regional resources: they can't inter-operate if spread on multiple regions. So, answer is A also for this reason
upvoted 3 times
Phinx
1 year, 2 months ago
you can't peer a VPN, only VPC.
upvoted 1 times
student2020
Highly Voted 1 year, 3 months ago
A is correct. B is wrong for 2 reasons: a) You cannot reference the security group of a peer VPC that's in a different Region. Instead, use the CIDR block of the peer VPC. b) It refers to the outbound rule of the database, not the inbound rule. https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
upvoted 5 times
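A check for the two reasons given in the comment above, as an added example that is not part of the original thread: it audits a database security group, in the shape returned by `aws ec2 describe-security-groups`, for an inbound CIDR rule that covers the peer VPC's instance range. The function name, port 3306, the CIDR ranges and the group IDs are constructed assumptions, not values from the question.

```python
import ipaddress

def _port_match(perm, port):
    # IpProtocol "-1" means all protocols and ports; otherwise check the TCP range.
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("IpProtocol") == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_db_security_group(sg, peer_cidr, port):
    """Return (reachable, findings) for connections from peer_cidr to the database port."""
    peer = ipaddress.ip_network(peer_cidr)
    reachable, findings = False, []
    for perm in sg.get("IpPermissions", []):        # inbound rules decide reachability
        if not _port_match(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            allowed = ipaddress.ip_network(rng["CidrIp"])
            if peer.subnet_of(allowed):
                reachable = True
                if allowed.prefixlen < peer.prefixlen:
                    findings.append(f"inbound {allowed} is broader than peer range {peer}")
    for perm in sg.get("IpPermissionsEgress", []):  # outbound rules never admit new inbound connections
        if perm.get("IpProtocol") != "-1" and _port_match(perm, port):
            findings.append("outbound rule on the database port does not admit the peer instances")
    return reachable, findings

# Constructed sample: option A, inbound rule with the eu-central-1 instance CIDR.
OPTION_A_SG = {
    "GroupId": "sg-0000000000000000a",  # placeholder ID
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                       "IpRanges": [{"CidrIp": "10.20.1.0/24"}], "UserIdGroupPairs": []}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                             "UserIdGroupPairs": []}],
}
# Constructed sample: option B, peer security group placed in an outbound rule.
OPTION_B_SG = {
    "GroupId": "sg-0000000000000000a",  # placeholder ID
    "IpPermissions": [],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
                             "UserIdGroupPairs": [{"GroupId": "sg-0000000000000000b"}]}],
}

if __name__ == "__main__":
    for name, sg in (("A", OPTION_A_SG), ("B", OPTION_B_SG)):
        print(name, audit_db_security_group(sg, "10.20.1.0/24", 3306))
```

Security groups are stateful, so the inbound rule alone also permits the database's replies; the breadth finding flags an inbound range wider than the instances actually need.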
Mangesh_XI_mumbai
Most Recent 4 months, 3 weeks ago
Selected Answer: A
VPC Peering and adding to inbound is key word
upvoted 2 times
Hatem08
5 months ago
Selected Answer: A
A -> initiate connection inbound
upvoted 2 times
callspace
6 months, 4 weeks ago
Selected Answer: A
This line has the answer: "but the database must remain only in us-east-1". Hence the us-east-1 Region VPC SG needs to allow the connection.
upvoted 2 times
jipark
8 months, 2 weeks ago
Selected Answer: A
Why not B: security groups are typically associated within the same VPC
Why A: across different Regions, VPC peering is the preferred
upvoted 4 times
braveheart22
1 year, 1 month ago
A is the correct answer. B is totally wrong because adding the security group of the instances in eu-central-1 to the outbound rule of the database security group is logically adding the security group of the instances to the outbound rule of the database SG. Adding an INBOUND RULE to OUTBOUND RULE (outgoing traffic of the database) cannot be used to establish a VPC peering connection.
upvoted 1 times
MrMLB
1 year, 4 months ago
Selected Answer: B
By creating a VPC peering connection between the two Regions and adding the security group of the instances in eu-central-1 to the outbound rule of the database security group, you can establish a direct network connection between the two VPCs and allow the instances in eu-central-1 to communicate with the database in us-east-1. This is the most operationally efficient solution because it allows for faster and more efficient communication between the two VPCs
upvoted 2 times
michaldavid
1 year, 4 months ago
Selected Answer: A
aaaaaaaaa
upvoted 3 times
Liongeek
1 year, 5 months ago
Ans: A
upvoted 1 times