Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 172 discussion

A company has multiple business units that each have separate accounts on AWS. Each business unit manages its own network with several VPCs that have CIDR ranges that overlap. The company’s marketing team has created a new internal application and wants to make the application accessible to all the other business units. The solution must use private IP addresses only.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Instruct each business unit to add a unique secondary CIDR range to the business unit's VPC. Peer the VPCs and use a private NAT gateway in the secondary range to route traffic to the marketing team.
  • B. Create an Amazon EC2 instance to serve as a virtual appliance in the marketing account's VPC. Create an AWS Site-to-Site VPN connection between the marketing team and each business unit's VPC. Perform NAT where necessary.
  • C. Create an AWS PrivateLink endpoint service to share the marketing application. Grant permission to specific AWS accounts to connect to the service. Create interface VPC endpoints in other accounts to access the application by using private IP addresses.
  • D. Create a Network Load Balancer (NLB) in front of the marketing application in a private subnet. Create an API Gateway API. Use the Amazon API Gateway private integration to connect the API to the NLB. Activate IAM authorization for the API. Grant access to the accounts of the other business units.
Suggested Answer: D

Comments

spd
Highly Voted 1 year, 7 months ago
Selected Answer: C
Private link is the solution for IP overlapping and for securely accessing the app between accounts
upvoted 13 times
...
c73bf38
Highly Voted 1 year, 7 months ago
Selected Answer: C
With AWS PrivateLink, the marketing team can create an endpoint service to share their internal application with other accounts securely using private IP addresses. They can grant permission to specific AWS accounts to connect to the service and create interface VPC endpoints in the other accounts to access the application by using private IP addresses. This option does not require any changes to the network of the other business units, and it does not require peering or NATing. This solution is both scalable and secure.
upvoted 10 times
...
alexsanteeno
Most Recent 9 months ago
Selected Answer: B
"LEAST OPERATIONAL OVERHEAD" is the key phrase in the question. It's not so easy to migrate any on-premises infra to AWS. Looking at the answers here, I see no one has ever done that before and they are just answering from the AWS docs. The easiest way to migrate any on-premises infra is EC2.
upvoted 1 times
helloworldabc
3 weeks ago
just C
upvoted 1 times
...
StevePace
6 months ago
who mentioned migration?!
upvoted 1 times
...
...
honoga4853
9 months ago
Selected Answer: B
"LEAST OPERATIONAL OVERHEAD" is the key phrase in the question. It's not so easy to migrate any on-premises infra to AWS. Looking at the answers here, I see no one has ever done that before and they are just answering from the AWS docs. The easiest way to migrate any on-premises infra is EC2.
upvoted 1 times
helloworldabc
3 weeks ago
just C
upvoted 1 times
...
...
career360guru
9 months, 3 weeks ago
Selected Answer: C
Option C
upvoted 1 times
...
NikkyDicky
1 year, 2 months ago
Selected Answer: C
C for sure
upvoted 1 times
...
Alabi
1 year, 2 months ago
Selected Answer: C
The solution that will meet the requirements with the least operational overhead is: C. Create an AWS PrivateLink endpoint service to share the marketing application. Grant permission to specific AWS accounts to connect to the service. Create interface VPC endpoints in other accounts to access the application using private IP addresses. AWS PrivateLink provides secure and scalable private connectivity between VPCs, AWS services, and on-premises applications, without using public IP addresses. In this case, you can create an AWS PrivateLink endpoint service for the marketing application, which allows other business units to access the application using private IP addresses. By granting permission to specific AWS accounts to connect to the PrivateLink endpoint service, you can control access to the marketing application. Then, in each business unit's VPC, you can create interface VPC endpoints to connect to the PrivateLink service, allowing them to access the marketing application privately.
upvoted 2 times
...
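The three steps of option C, sketched as two CloudFormation templates (an added example, not part of the original thread or an AWS sample). It assumes the marketing application already sits behind an internal Network Load Balancer and listens on TCP 443; the account IDs, CIDR and parameter names are constructed placeholders.

```yaml
# Template 1: deploy in the marketing (provider) account.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  NlbArn: {Type: String}              # internal NLB in front of the app (assumed to exist)
Resources:
  MarketingEndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      AcceptanceRequired: true        # each connection request must be approved by marketing
      NetworkLoadBalancerArns: [!Ref NlbArn]
  MarketingEndpointServicePermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref MarketingEndpointService
      AllowedPrincipals:              # allow-list of business-unit accounts (placeholders)
        - arn:aws:iam::111111111111:root
        - arn:aws:iam::222222222222:root
Outputs:
  ServiceName:                        # hand this value to the consumer accounts
    Value: !Sub com.amazonaws.vpce.${AWS::Region}.${MarketingEndpointService}
---
# Template 2: deploy in each business-unit (consumer) account.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ServiceName: {Type: String}         # output of template 1
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Clients allowed to reach the marketing app endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443               # assumed application port
          ToPort: 443
          CidrIp: 10.0.0.0/16         # constructed: this VPC's own range only
  MarketingAppEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface      # ENIs take private IPs from the consumer's subnets
      ServiceName: !Ref ServiceName
      VpcId: !Ref VpcId
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!GetAtt EndpointSecurityGroup.GroupId]
```

Because the endpoint's network interfaces draw their addresses from the consumer VPC's own subnets, no routes are exchanged between VPCs and the overlapping CIDR ranges never meet.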
mfsec
1 year, 5 months ago
Selected Answer: C
Private link
upvoted 1 times
...
God_Is_Love
1 year, 6 months ago
Selected Answer: C
Networking & Content Delivery blog - https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/
upvoted 5 times
...